It’s rare that a day goes by without seeing news of another breach or other form of cyber attack in the news headlines. According to a recent survey, organizations are currently experiencing multiple breaches, with more than half (59 percent) of respondents citing two or more breaches in the past 12 months.
Those statistics come from the results of a survey conducted by the Ponemon Institute and sponsored by Juniper Networks. The survey included responses from 583 IT and IT security practitioners in the United States with an average of 9.57 years of experience. More than half (51 percent) were employed by organizations with more than 5,000 employees. The results revealed that the threat from cyber attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks.
Overall, respondents to the survey indicated that security breaches have cost them a least half a million dollars to address in terms of cash outlays, business disruption, revenue losses, internal labor, overhead and other expenses. Most respondents (59 percent) said that the most severe consequence of any breach was the theft of information assets followed by business disruption.
In May, Symantec and the Ponemon Institute released the 2010 Annual Study: U.S. Cost of a Data Breach, showing the rising cost of data breaches over the last five years. According to the report, the average organizational cost of a data breach increased to $7.2 million in 2010. The same study also revealed that malicious or criminal attacks were the most expensive form of attack, and are on the rise. In 2010, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and cost organizations $318 per record on average, up 43 percent from 2009.
The results from the Ponemon/Jupiter Networks study seem to be in line with the study conducted for Symantec, also showing that attacks are on the rise, with 43 percent of respondents indicating there has been a significant increase in the frequency of cyber attacks during the past 12 months and 77 percent saying these attacks have become more severe or difficult to detect or contain. Disturbingly, more than one-third (34 percent) of respondents say they have low confidence in the ability of their organization’s IT infrastructure to prevent a network security breach.
“Our survey research provides evidence that many organizations are ill-equipped to prevent cyber attacks against networks and enterprise systems,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This study suggests conventional network security methods need to improve in order to curtail internal and external threats.”
Additional key findings from the survey include:
• Only 11 percent of respondents know the source of all network security breaches.
• In the next 12 to 18 months, 47 percent say their organizations will spend the most IT security dollars on network security.
• Complexity and lack of resources are the greatest challenges to improving network security. Almost half (48 percent) cite complexity as one of their biggest challenges to implementing network security solutions.
• Combating cyber attacks can be made more effective by streamlining or simplifying network security operations, said 76 percent of respondents.
• Seventy-five percent say their effectiveness would increase by implementing end-to-end solutions.
• Twenty-eight percent are earmarking more than 10 percent of their budgets to security to address these issues.
• Employee mobile devices and laptops are seen as the most likely endpoint from which serious cyber attacks are unleashed against a company.
• The top two endpoints from which these breaches occurred are employees’ laptop computers with 34 percent and employees’ mobile devices with 29 percent.
“The size and complexity of today’s security threats continue to intensify leaving organizations and governments vulnerable to cyber attacks,” said Mark Bauhaus, executive vice president and general manager of Juniper Networks Device and Network Services business group at Juniper Networks. “Business leaders need to consider a more aggressive, systemic security approach — implementing end-to-end comprehensive protection at all points in the network to help mitigate risk.”
The full results of the study are available in a PDF format with no registration required here.