Managing Cyber Risks in an Interconnected World



PwC Cyber Expert Looks at the Key Findings of the 2015 Global State of Information Security Survey

According to a recent survey, the total number of security incidents detected climbed to 42.8 million this year. That’s the equivalent of 117,339 attacks per day, every day for the year.

That recent survey was PwC, CIO, and CSO’s annual Global State of Information Security® Survey, which was released at the beginning of October. In its 17th year, the survey included results from 9,700 respondents (C-suite, executive, and director level) from 154 countries, representing companies from all industries with revenue sizes from small to $1 billion plus.

While the entire report is a must read, here are a few of the key findings.

Larger companies detected more incidents – the survey’s sample of large companies (gross annual revenues of $1 billion or more) detected 44 percent more incidents compared to the previous year. This is great news for the large companies, but medium-size companies (revenues of $100 million to $1 billion) are the real winners. They showed a 64 percent improvement over 2013 in detecting compromises.

However, small companies (revenues less than $100 million) detected 5 percent fewer incidents this year. These numbers become even more important because these companies never stand alone. These organisations are connected via business partnerships or collective services, which can mean that incidents at small and medium organisations create gateways into the large organisations.

The financial cost of security incidents is also rising, which won’t surprise anyone who has been following the almost daily media reports associated with new security breaches.

The report states that the annual estimated reported average financial loss attributed to cybersecurity incidents was $2.7 million. That’s just the average, but it’s a jump of 34 percent from the previous year. Equally concerning is that the proportion of companies reporting financial hits of $20 million or more has increased 92 percent over 2013. These numbers could be even higher (billions or potentially trillions) if the value of certain information such as intellectual property and trade secrets could be quantified.

Organisations of all sizes are worried about rising cybercrime, but they are not showing it where it matters most: their budget. Despite the elevated risks and financial loss, the Survey showed that security budgets have declined. Global IS budgets decreased 4% compared to 2013. When compared to the percentage of the total IT budget, security spending has remained stalled at 4% or less for the past five years. In PwC’s separate report, US State of Cybercrime Survey 2014, a significant correlation was found between the level of spending and the number of events detected, but that seems to be in direct conflict with what organisations are actually doing.

The complete report can be downloaded from the PwC dedicated website - pwc.com/gsiss2015.

About Andrew Gordon

Andrew is a Partner in PwC's Cyber practice in Australia and works with clients in the mining, financial services and Government sectors, helping them with their information security needs. Andrew has twenty-one years of experience, including seven years in the banking sector. Andrew has presented to industry forums and security conferences throughout Asia on information security issues.
