Connect with us

Hi, what are you looking for?


Security Infrastructure

Company Leaders Misjudge Impact of Data Loss on Revenues: Research

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

According to a report (PDF) from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. 

The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“Many people that are responsible for securing their organizations have experienced some level of attacks – even if it was a simple piece of malware that was easily removed,” said Jeff Debrosse, director of security research at Websense. “What isn’t often taken into consideration is that it’s very hard to find a security vendor that can protect organizations from attackers at different (entry) points in a network. This leaves many people feeling as there is some level of inadequacy in existing solutions. Whatever the case may be for security professionals to feel that way, one thing is for sure – we’re getting better at protecting networks and related data and adapting faster than we have in the past.”

Only 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack. Thirty-five percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

“On average, organizations aren’t aware of the presence of an attacker for several months, oftentimes beyond a year,” Debrosse said. “Once the attacker’s activities have been discovered, forensic analysis will typically show some level of activity that is indicative of an intruder – but only once an organization knows to start looking; hence the importance of detecting anomalies. Since the attackers usually copy, versus destroying or modifying data, it can be difficult to assess the extent of the attacker’s activity after the fact – but there will frequently be telltale signs of some of their movements in the network. The more data organizations hold and secure themselves, the higher the risk of being attacked – especially if it is customer information, IP or financial records, in that order of precedence.”

Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the exfiltration of confidential information. Nearly 70 percent believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

According to the survey, 44 percent of the companies represented in this research experienced one or more substantial cyber-attacks in the past year. Fifty-nine percent of the companies meanwhile do not have adequate intelligence or are unsure about attempted attacks and their impact.

Advertisement. Scroll to continue reading.

“While there are significant differences among countries for specific questions (such as availability of cyber attack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Management & Strategy

Hundreds of companies are showcasing their products and services this week at the 2023 edition of the RSA Conference in San Francisco.

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


Identity and access governance vendor Saviynt has closed a $205 million financing round.

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Identity & Access

The National Security Agency (NSA) has published a series of recommendations on how to properly configure IP Security (IPsec) Virtual Private Networks (VPNs).