Ponemon study: Cyber attacks more frequent, severe

Cyber attacks are becoming more frequent and severe, and the vast majority of businesses have suffered at least one data breach in the past year, a Ponemon Institute survey says.

According to the survey, 77% of respondents say attacks have been more severe or more difficult to prevent over the past 12 to 18 months, while 78% say attacks are more frequent. The survey was sponsored by Juniper Networks.

Only 10% of those who answered the survey say they had no data breaches and 53% say they had one to three.

ONE EXAMPLE: Northrop Grumman constantly under attack by cyber-gangs 

Given these numbers, 53% have low confidence that their networks would avoid attacks in the next year; 24% say they have high confidence they won't suffer attacks, the survey says. A third (34%) have low confidence their network infrastructure can protect against attacks.

"We believe the fact that so many organizations are having multiple breaches is resulting in a low opinion about security preparedness and a low level of confidence they have to prevent a future attack," the survey says.

The cost of 55% of the breaches was between $250,000 and $1 million, with 19% saying the cost was more than that, and 16% saying they couldn't determine what their breaches cost.

Data breach quiz

Most of the incursions took place on mobile devices (28%) or on devices owned by business partners (27%). Another 20% took place in corporate branch offices and 16% at headquarters.

Of those companies that did suffer attacks, 40% don't know where the attacks came from. The top three causes of security breaches are insider abuse, malicious software downloads and malware from a Web site.

Employee laptops were the most common (34%) endpoint from which security breaches occurred followed by mobile devices such as tablets and smartphones (29%) and corporate desktops (28%).

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachlegalPonemon Institutejuniper networkscybercrime

More about JuniperJuniperLANNorthrop Grumman

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place