Data Breaches Rise as Cybercriminals Continue to Outwit IT

Security breaches rise again this year, costing an average of $415,000, as security pros fail to keep pace with cybercrime innovation.

Online criminals remain at least one step ahead of many IT groups, according to this year's "U.S. State of Cybercrime Survey," conducted annually by CSO magazine, the Secret Service, the Software Engineering Institute at Carnegie Mellon University, and PricewaterhouseCoopers. Deterrence and detection are both falling short of their goals: The 500 survey respondents faced an average of 135 security incidents last year, and 34 percent say that number was up compared to the previous year. Just one-third of respondents could estimate losses from their breaches; among those who could, the breaches cost $415,000, on average. Legal liabilities and lawsuits after breaches add to the costs.

Part of the problem is that only 38 percent of companies have established a way to prioritize their security investments to focus on actual risks and the repercussions they bring.

"You'll often see organizations spend to secure [against] the current big threat but not focus on building a sustainable security program," says John Pescatore, a director at the SANS Institute, a security training organization.

Better employee training decreases the costs associated with security problems, the survey finds. Companies without security training for new hires reported that their average annual financial losses related to cybersecurity incidents totaled $683,000, while those with training programs say they lost an average of $162,000 on security breaches.

Companies typically don't share information about security problems with each other, but some are starting to, through Information Sharing and Analysis Centers (ISAC). In ISACs for the defense, retail, electricity, financial services and other industries, member companies share best practices and pass on warnings and advice when attacks occur.

Cloud of Hurt

Hot technologies, especially mobile and cloud, bring new security problems. The bring-your-own-device trend, for instance, presents ongoing issues. "Mobile devices and the consumer cloud services to which they connect are moving so quickly that IT security technologies can't keep up," says Paula Tolliver, corporate vice president of business services and information systems at Dow Chemical.

Just 38 percent of those surveyed encrypt mobile devices, while less than half (49 percent) have a plan to respond to insider breaches.

Ken Swick, technical information security officer at Citigroup, says the company takes no chances with user-owned devices, cordoning them off from the enterprise network.

Cloud computing presents hazards of its own, but while two years ago 54 percent of organizations had a process for evaluating the security of third-party partners before entering a business deal with them, last year that number dropped to 44 percent. At Dow, one approach for mitigating risk is to use "mature" providers "in a private environment to ensure this level of service and security," Tolliver says.

Citi, meanwhile, doesn't permit its data to be sent to cloud systems that aren't under the bank's control, says Swick. Not all third-party providers are thrilled with the scrutiny they face during Citi's due diligence process. "We run into pushback when we tell them to fix what we find on our assessments," he says.

Join the CSO newsletter!

Error: Please check your email address.

Tags SANS Institutesecuritydata breachCSOPricewaterhouseCoopers

More about CitigroupCSOMellonPricewaterhouseCoopersSANS Institute

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by George V. Hulme

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place