Security Experts:

Connect with us

Hi, what are you looking for?


Security Infrastructure

Company Leaders Misjudge Impact of Data Loss on Revenues: Research

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

A survey of nearly 5,000 IT security professionals globally suggests that many corporate leaders may be underestimating the impact data loss could have on their bottomline.

According to a report (PDF) from Ponemon Institute and sponsored by Websense, 80 percent of respondents said their company’s leaders do not equate losing confidential data with a potential loss of revenue. 

The research also found that respondents find it difficult to keep track of the threat landscape facing their company, with less than half (41 percent) having a good understanding of it. Forty-eight percent said their board-level executives have a subpar understanding of security issues.

“Many people that are responsible for securing their organizations have experienced some level of attacks – even if it was a simple piece of malware that was easily removed,” said Jeff Debrosse, director of security research at Websense. “What isn’t often taken into consideration is that it’s very hard to find a security vendor that can protect organizations from attackers at different (entry) points in a network. This leaves many people feeling as there is some level of inadequacy in existing solutions. Whatever the case may be for security professionals to feel that way, one thing is for sure – we’re getting better at protecting networks and related data and adapting faster than we have in the past.”

Only 37 percent of respondents could say with certainty that their organization lost sensitive or confidential information as a result of a cyber-attack. Thirty-five percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

“On average, organizations aren’t aware of the presence of an attacker for several months, oftentimes beyond a year,” Debrosse said. “Once the attacker’s activities have been discovered, forensic analysis will typically show some level of activity that is indicative of an intruder – but only once an organization knows to start looking; hence the importance of detecting anomalies. Since the attackers usually copy, versus destroying or modifying data, it can be difficult to assess the extent of the attacker’s activity after the fact – but there will frequently be telltale signs of some of their movements in the network. The more data organizations hold and secure themselves, the higher the risk of being attacked – especially if it is customer information, IP or financial records, in that order of precedence.”

Fifty-seven percent of respondents do not think their organization is protected from advanced cyber-attacks, and 63 percent doubt they can stop the exfiltration of confidential information. Nearly 70 percent believe cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

According to the survey, 44 percent of the companies represented in this research experienced one or more substantial cyber-attacks in the past year. Fifty-nine percent of the companies meanwhile do not have adequate intelligence or are unsure about attempted attacks and their impact.

“While there are significant differences among countries for specific questions (such as availability of cyber attack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “This challenge is further compounded by a perception that company leaders do not believe that data breaches will lead to loss of revenue. Our research has shown this is simply untrue.”

Written By

Click to comment

Expert Insights

Related Content

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture


The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.


Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Application Security

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Data Protection

Artificial intelligence is more artificial than intelligent.

Mobile & Wireless

US authorities announced a ban Friday on the import or sale of communications equipment deemed "an unacceptable risk to national security" -- including gear...