By Judy Greenwald, Crain News Service
CHICAGO (Oct. 1, 2014) — The number of cyber security incidents has increased 48 percent this year, to 42.8 million, or the equivalent of 177,339 incoming attackers per day, according to a PricewaterhouseCoopers L.L.P. survey released Sept. 30.
The survey of 9,700 officials around the globe, conducted via e-mail between March 27 and May 25, found also that the compound annual growth rate of detected security incidents has increased 66 percent year-over-year since 2009. The survey was conducted by New York-based PwC US in conjunction with CIO and CSO magazines, whose clients and readers were surveyed.
“These numbers are by no means definitive, however,” the survey report said. They “represent only the total incidents detected and reported.” Many organizations are either unaware of attacks, or do not report them, according to the report, “Managing cyber risks in an interconnected world, key findings from The Global State of Information Security Survey 2015.”
The survey found that organizations with gross annual revenues of at least $1 billion detected 44 percent more incidents than last year, while companies with revenues of less than $100 million detected 5 percent fewer incidents this year.
“The reasons are not immediately clear, but one explanation may be that small companies are investing less in information security, which may leave them both incapable of detecting incidents, and a more tempting target to cyber adversaries,” the report said.
Globally, the annual estimated reported average financial loss attributed to cybersecurity incidents was $2.7 million, an increase of 34 percent over 2013, according to the report.
The survey also found that despite the overall increase in cyber incidents, security spending decreased 4 percent compared with 2013, and has remained at 4 percent or less of the information technology budget for the past five years.
“Cyber risks will never be completely eliminated, and with the rising tide of cybercrime, organizations must remain vigilant and agile in the face of a constantly evolving landscape,” said David Burg, McLean, Virginia-based PwC's global and U.S. advisory cybersecurity leader, in a statement.
“Organizations must shift from security that focuses on prevention and controls, to a risk-based approach that prioritizes an organization's most valuable assets and its most relevant threats. Investing in robust internal security awareness policies and processes will be critical to the ongoing success of any organization,” he said.
This report appeared on the website of Crain's Business Insurance magazine, a Chicago-based sister publication of Tire Business.