9,700 officials weighed in around the globe and the survey results indicate one thing: cyber security incidents are increasing, and increasing fast.
According to the email research conducted between March 27th and May 25th by PricewaterhouseCoopers L.L.P the compound annual growth rate of detected security incidents has increased a whopping 66 % year over year since 2009.
The average financial loss for cybersecurity incidents across the globe is estimated at $2.7 million, an increase of 34 % from 2013.
Moreover, cyber security incidents have increased 48 % so far this year, to 42.8 million, or the equivalent of 177,339 incoming attacks per day.
“These numbers are by no means definitive, however,” says the survey report. They “represent only the total incidents detected and reported.” Many organizations are either unaware of attacks, or do not report them, states the report, “Managing cyber risks in an interconnected world, key findings from The Global State of Information Security Survey 2015.”
Size matters
A further finding in the study found that companies with gross annual revenues of at least $1 billion detected 44 % more incidents than last year, while companies with revenues less than $100 million detected 5 % fewer incidents this year.
“The reasons are not immediately clear, but one explanation may be that small companies are investing less in information security, which may leave them both incapable of detecting incidents, and a more tempting target to cyber adversaries,” says the report.
Ignoring the issue
Despite the astounding increases in cyber incidents, security spending has decreased 4 % compared with 2013, and has remained at 4 % or less of companies information technology budget for the past five years.
“Cyber risks will never be completely eliminated, and with the rising tide of cybercrime, organizations must remain vigilant and agile in the face of a constantly evolving landscape,” said David Burg, McLean, Virginia-based PwC's global and U.S. advisory cybersecurity leader, in a statement.
“Organizations must shift from security that focuses on prevention and controls, to a risk-based approach that prioritizes an organization's most valuable assets and its most relevant threats. Investing in robust internal security awareness policies and processes will be critical to the ongoing success of any organization,” he said.
