Business Needs a Better Approach to Cyber-Crime
- 1 of
-
Risky Business
69% of U.S. respondents said they are worried about the impact of cyber-threats on their growth prospects, while only 49% of global CEOs have serious concerns. -
Fear Grows
59% of respondents said they are more concerned about cyber-security threats this year than they were last year. -
Risks on the Rise
77% reported a security event in the past year, and 34% said the number of incidents increased over the previous year. -
Persistent Threats
For companies reporting security incidents, the average number detected over the past year was 135. -
In the Money
14% of respondents said monetary losses attributed to cyber-crime have increased, but two-thirds of them couldn't quantify the losses. -
Net Costs
Among those that could quantify costs, the average annual monetary loss was projected at $415,000. -
Inside, Outside
The biggest threat facing large organization is from insiders, but smaller firms face a bigger risk from outside threats. -
Overlooked Vector
Only 44% of the companies surveyed have a process for evaluating third parties before launching business operations. -
Key Deficiencies, Part I
Don't take a strategic approach to cyber-security spending. Don't assess third-party providers. Lack visibility within the supply chain. Lack adequate protections for mobile devices -
Key Deficiencies, Part II
Lack methods to assess cyber-risks. Don't adequately share intelligence threats and responses. Ignore insider threats too often. Staff awareness and training are deficient.
Digital technologies and the Internet have made it possible for hackers, thieves, spies and other cyber-crooks to unleash threats on a wider and broader scale than ever before. The results of the "2014 U.S. State of the Cybercrime Survey," a collaborative study by PwC, CSO magazine, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University, paints an increasingly dismal picture. Incidents are on the rise, monetary losses are trending upward and most IT organizations lack the skills to match increasingly sophisticated cyber-thieves. In fact, the report found that only 38 percent of companies have a methodology to prioritize security investments based on risk and impact to business strategy. At the heart of the problem: "Cyber-criminals evolve their tactics very rapidly, and the repercussions of cyber-crime are overwhelming for any single organization to combat alone," points out David Burg, PwC's Global and U.S. Advisory Cyber-Security Leader. "The increasing sophistication of cyber-criminals and their ability to circumvent security technologies indicate the need for a radically different approach to cyber-security: a balanced approach that, in addition to using effective cyber-security technologies, develops the people, processes and effective partnerships [needed] in order to strategically counter cyber-security threats,” adds Ed Lowery, special agent in charge, Criminal Investigative Division, U.S. Secret Service. More than 500 executives in U.S. businesses, law enforcement services and government agencies responded to the survey. Here's a look at the key findings.