Connect with us

Hi, what are you looking for?


Security Infrastructure

Company Leaders Misjudge Impact of Data Loss on Revenues: Research

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

According to a report (PDF) from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. 

The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“Many people that are responsible for securing their organizations have experienced some level of attacks – even if it was a simple piece of malware that was easily removed,” said Jeff Debrosse, director of security research at Websense. “What isn’t often taken into consideration is that it’s very hard to find a security vendor that can protect organizations from attackers at different (entry) points in a network. This leaves many people feeling as there is some level of inadequacy in existing solutions. Whatever the case may be for security professionals to feel that way, one thing is for sure – we’re getting better at protecting networks and related data and adapting faster than we have in the past.”

Only 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack. Thirty-five percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

“On average, organizations aren’t aware of the presence of an attacker for several months, oftentimes beyond a year,” Debrosse said. “Once the attacker’s activities have been discovered, forensic analysis will typically show some level of activity that is indicative of an intruder – but only once an organization knows to start looking; hence the importance of detecting anomalies. Since the attackers usually copy, versus destroying or modifying data, it can be difficult to assess the extent of the attacker’s activity after the fact – but there will frequently be telltale signs of some of their movements in the network. The more data organizations hold and secure themselves, the higher the risk of being attacked – especially if it is customer information, IP or financial records, in that order of precedence.”

Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the exfiltration of confidential information. Nearly 70 percent believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

According to the survey, 44 percent of the companies represented in this research experienced one or more substantial cyber-attacks in the past year. Fifty-nine percent of the companies meanwhile do not have adequate intelligence or are unsure about attempted attacks and their impact.

“While there are significant differences among countries for specific questions (such as availability of cyber attack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Security Infrastructure

Security vendor consolidation is picking up steam with good reason. Everyone wants to improve security efficiency and effectiveness while paying for less.

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Instead of deploying new point products, CISOs should consider sourcing technologies from vendors that develop products designed to work together as part of a...

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.


The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture