Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Companies Not Keeping Pace with Growing Cybercrime Threats: Survey

Cybercrime is on the rise, and most organizations remain unsuccessful at thwarting the attacks, according to the latest cybercrime survey.

Cybercrime is on the rise, and most organizations remain unsuccessful at thwarting the attacks, according to the latest cybercrime survey.

Organizations have made little progress developing defenses against both internal and external attackers, according to the 2013 State of Cybercrime Survey from PwC and CSO Magazine released Thursday. More worryingly, organizations seem unaware of the potential fallout from insider crimes.

Organizations are misjudging the severity of risks they face from a financial, reputational, and regulatory perspective. Attacks are on the rise partly because organizations now have a bigger attack surface, a natural consequence of doing business in a more interconnected and interdependent landscape. While public perception tends to focus on the headlines focusing on successful attacks from nation-states, insiders pose just as great a security risk to organizations, according to the survey.

“The potential threat from insiders cannot be underestimated or dismissed as inconsequential,” said Ed Lowry, Special Agent in Charge at the U.S. Secret Service’s Criminal Investigative Division.

Respondents were just as likely to say insider crimes would cause more damage to the organizations as external attacks. In fact, a few more respondents were concerned about internal attacks, at 34 percent, than those worried about external attacks, at 31 percent, according to the study.

Insiders aren’t always malicious. As the survey found, twice as many respondents acknowledged that “non-malicious insiders” caused more sensitive data loss than malicious inside actors. A good example of non-malicious insiders is the employee who accidentally lost an unencrypted USB drive or laptop containing sensitive data.

“One of the key elements in defending against insider attacks is employee training and awareness,” said David Burg, a principal consultant in PwC’s U.S. Advisory practice focused on cyber-security.

Advertisement. Scroll to continue reading.

The survey also found that 17 percent of respondents who had suffered an insider attack did not know what the consequences were for the incident. About a third had no formalized insider threat response plan. Of those who did know what the insider threat handling procedures were, the majority reported that the cases were handled in-house, without legal action or law enforcement involvement

Organizations should cooperate with government agencies when faced with the severe attacks, such as those from nation-states, PwC said.

Organizations should have a comprehensive cyber-security plan that addresses both physical and IT systems security threats, the survey said. The plan needs to have components addressing education, training, and awareness of all employees and redundant auditing procedures to help mitigate vulnerabilities.

“Today’s organizations are not taking the necessary steps to mitigate the risk of cybercrime, even in the face of increasingly serious and frequent threats,” said Burg.

Even though the current gap is the result of years of organizations underinvesting in security programs, technologies, and processes, it is still possible to meet the cyber-security challenge, according to PwC.

Organizations with vigilant and proactive awareness of the threat environment, a strong asset identification and protection program, and proactive monitoring and enhanced incident response processes can successfully mitigate the attacks, PwC said. Cyber-security strategy needs to be aligned with the organization’s business strategy.

“Cybersecurity is a business imperative, and senior executives and Boards need to understand the challenges, educate their employees to raise awareness and increase vigilance, and apply cyber threat intelligence to help abate risks from sophisticated threat actors,” Burg said.

Over 500 senior executives, security experts, and managers from both the public and private sectors in the U.S. answered survey questions between March and April as part of this year’s Cybercrime survey.

The annual cybercrime survey is a collaborative effort between PwC, CSO, the U.S. Secret Service, the Software Engineering Institute CERT Program at Carnegie Mellon University, and the Federal Bureau of Investigation.

The full survey report is available online.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...