Cyberattacks costing U.S. businesses US$3.5 million annually, 79% of businesses lack strategies to manage these risks: Ponemon Institute

By Canadian Underwriter | July 18, 2016 | Last updated on October 30, 2024

External cyberattacks are costing businesses in the United States about US$3.5 million in incurred annual costs, with 79% of polled businesses lacking comprehensive strategies to manage these risks, according to a new Ponemon Institute study sponsored by BrandProtect.

Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, the report suggests. The study, titled Security Beyond the Traditional Perimeter, surveyed 591 IT and IT security practitioners in the U.S., including chief information security officers (20%) and IT security operations (45%).

Sponsored by Internet risk detection and mitigation expert BrandProtect, the report examined the threats, costs and responses of companies to external internet cyberattacks. These threats include executive impersonations, social engineering exploits and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.

Seventy-nine per cent of the IT and IT security practitioners polled indicated that their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise. On average, companies experienced slightly more than one cyberattack per month.

Other key findings included:

  • 59% of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies;
  • 79% of respondents described their security processes for Internet and social media monitoring as non-existent (38%), ad hoc (23%) or inconsistently applied throughout the enterprise (18%);
  • 64% of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, 62% lack the tools and resources they need to analyze and understand and 68% lack the tools and resources they need to mitigate external threats;
  • 62% of respondents say external threats are more difficult to detect than internal threats within the security perimeter and 52% of respondents say they are more difficult to contain than internal threats within the security perimeter; and
  • 51% of respondents said that they are concerned about branded exploits and 33% say compliance/regulatory incidents are a concern.

“The majority of security leaders understand that these external Internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute, in a press release. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”

Security leaders agreed that monitoring the Internet and social media is critical to gaining intelligence about external threats. In the study, an average of 30% of cyberattacks were perpetrated via the Internet or social media. Top monitoring priorities include mobile app monitoring (cited by 62% of respondents), social engineering and organizational reconnaissance (61% of respondents), branded exploits (59% of respondents), spear-phishing infrastructure (58% of respondents) and executive and high value threats (54% of respondents).
