Connect with us

Hi, what are you looking for?


Security Infrastructure

Company Leaders Misjudge Impact of Data Loss on Revenues: Research

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

According to a report (PDF) from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. 

The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“Many people that are responsible for securing their organizations have experienced some level of attacks – even if it was a simple piece of malware that was easily removed,” said Jeff Debrosse, director of security research at Websense. “What isn’t often taken into consideration is that it’s very hard to find a security vendor that can protect organizations from attackers at different (entry) points in a network. This leaves many people feeling as there is some level of inadequacy in existing solutions. Whatever the case may be for security professionals to feel that way, one thing is for sure – we’re getting better at protecting networks and related data and adapting faster than we have in the past.”

Only 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack. Thirty-five percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

“On average, organizations aren’t aware of the presence of an attacker for several months, oftentimes beyond a year,” Debrosse said. “Once the attacker’s activities have been discovered, forensic analysis will typically show some level of activity that is indicative of an intruder – but only once an organization knows to start looking; hence the importance of detecting anomalies. Since the attackers usually copy, versus destroying or modifying data, it can be difficult to assess the extent of the attacker’s activity after the fact – but there will frequently be telltale signs of some of their movements in the network. The more data organizations hold and secure themselves, the higher the risk of being attacked – especially if it is customer information, IP or financial records, in that order of precedence.”

Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the exfiltration of confidential information. Nearly 70 percent believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

According to the survey, 44 percent of the companies represented in this research experienced one or more substantial cyber-attacks in the past year. Fifty-nine percent of the companies meanwhile do not have adequate intelligence or are unsure about attempted attacks and their impact.

“While there are significant differences among countries for specific questions (such as availability of cyber attack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights