Survey reveals the true cost of data breaches
More than a third of organizations that experienced a data breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
This is a key finding of the latest Cisco Annual Cybersecurity Report which also shows that after attacks, 90 percent of these organizations are improving threat defense technologies and processes.
Steps being taken include separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
The survey of 3,000 chief security officers and security operations leaders from 13 countries reveals budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to improving security postures. Respondents also say their security departments are increasingly complex environments with 65 percent of organizations using between six and more than 50 security products, increasing the potential for security effectiveness gaps.
The effect of breaches on organizations is substantial, 22 percent of breached organizations say they lost customers -- 40 percent of them losing more than 20 percent of their customer base. In addition 29 percent lost revenue, with 38 percent of that group losing more than 20 percent. Lost business opportunities were cited by 23 percent, with 42 percent of them losing more than 20 percent.
Hackers are becoming more corporate in their approach too, with some malvertising campaigns employing brokers (or 'gates') that act as middle managers to mask their malicious activity. This allows adversaries to move faster to evade detection.
Another worrying finding is that just 56 percent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, are battling complexity and manpower challenges, leaving gaps of time and space for attackers to use to their advantage.
"In 2017, cyber is business, and business is cyber -- that requires a different conversation, and very different outcomes," says John N Stewart, senior vice president and chief security and trust officer at Cisco. "Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture."
More detail can be found in the full report which is available from the Cisco website.