Cyberattacks on one organization can have ripple effects that reach far beyond it, according to a new survey of C-level executives by Sunnyvale, Calif.-based security vendor RedSeal, Inc.
It's a similar situation to that of electric grids a few decades ago, when a problem in one section could have domino effects on electric services throughout a much wider area, said RedSeal CEO Ray Rothrock.
"Everything is interconnected," he said. "You have to worry not just about your own network, but everything connected with it."
According to the survey, 64 percent of respondents said that a cyberattack would also affect other businesses, such as partners, vendors, customers, and other members of the supply chain.
Respondents also said that a domino effect could extend to larger geographical areas -- 59 percent, and potentially expose national vulnerabilities, at 56 percent.
Respondents also gave their opinions about what industries would be affected by the ripple effect of a cyberbreach. Economic security was selected by 59 percent, followed by the financial industry at 53 percent, defense at 52 percent, national security at 47 percent, and energy and utilities at 46 percent.
About a third selected health care, insurance, entertainment, retail, transportation, and education.
The bottom line is that companies aren't just affected by cyberattacks against their own infrastructure, but also that of their partners, and that of other companies in their industry or geographical area.
"Good companies, with infinite resources, with the best engineers, with the best security systems, are still getting hacked," he said. "All the bad guys have to do is get lucky once --
and the company defending itself has to be lucky every single time."
Now, when you add in the corporate partners and other connected networks, the risks seem even more insurmountable.
"We don't have enough people," said Rothrock. "These networks are so complex, they've been built by so many people, we don't have the human capacity to understand them."
The cost of all these attacks is like a massive tax on our economy, he added.
"We're taking money that should be for developing new things that should be good for people, and use that to defend us against the bad guys," he said, admitting that his company does benefit from the security spending.
This was the first year of the survey, which was designed to provide a baseline measure of the perceived ripple effects of cyberattacks.
Rothrock did not offer any solutions but said that there's progress being made in information sharing between companies and governments.