Cybercrime continues to rise but spending falls, PwC says

Information Technology Press Releases Wednesday October 29, 2014 14:01
Bangkok--29 Oct--PwC Thailand

Information technology security breaches rose by 48% to 42.8 million attacks across the globe in the past year as businesses spent less to stop them, according to The Global State of Information Security® 2015 by PwC in conjunction with CIO and CSO magazines.

The reported figure is equivalent to 117,339 attacks a day and represents a 66% surge of year-on-year detected incidents since 2009, a worldwide survey of more than 9,700 executives and IT directors in 154 countries reveals.

Cybercrime is rising dramatically, led by a 41% jump in the number of security incidents in Europe, 11% in North America, and 5% in the Asia Pacific.

This led to a substantial increase in the financial costs of investigating and mitigating attacks. Globally, the estimated average financial loss from cybersecurity was $2.7 million, a 34% rise from the previous year. The number of respondents reporting losses of $20 million or more almost doubled over 2013.

“Information security spending isn’t keeping pace with increases in the frequency and costs of security incidents, despite elevated concerns about cyber risks,” Vilaiporn Taweelappontong, Partner at PwC Consulting (Thailand) Ltd., said.

In fact, investments in information security budgets declined 4% to just $4.1 million over 2013, she said.
Security spending as a percentage of the IT budget has remained fixed at 4% or less for the past five years, the findings showed.

Worryingly, small organisations or those with revenue of less than $100 million have been particularly lax in security spending. They slashed security investments by 20% over 2013 while large and medium companies spent modestly with a 5% rise in security budget.

Even though cyber risks will never be completely abolished, “today’s businesses across the world, including Thailand, must do more to ensure they implement a risk-based approach to security that prioritises their most valuable assets, while at the same time, proactively addresses the most relevant threats,” Vilaiporn said.

PwC’s 17th annual survey found that organisations of all sizes and in all industries are aware of the serious risks involving cybersecurity. However, larger companies do detect more breaches.

Large businesses with gross revenue of $1 billion or more detected 44% more incidents in 2014.Medium-sized companies with revenues of $100 million to $1 billion witnessed a 64% rise in the number of detected incidents, it said.

As large, well-capitalised companies implement more stringent information security safeguards, threat actors are simultaneously increasing their assaults on middle-tier companies whose security practices aren’t readily in place compared to that of the larger businesses, Vilaiporn explained.

“Today, most organisations realise that cybersecurity has become a persistent, all-encompassing business risk,” Vilaiporn said. “But as the frequency and cost of incidents continue to rise, many businesses have failed to update critical information security processes, technologies, employee security awareness and training programmes.”

Employees are the most-cited culprits of cybercrime
Insiders—which includes current and former employees—have become the most-cited perpetrators of cybercrime.

According to the study, respondents said incidents caused by current employees rose by 10%. However, employees aren’t the only source of rising insider threats. Third parties with trusted access to networks and data, including current and former service providers, consultants and contractors also ranked as top insider threats.

“When organisations overlook the threats residing inside their ecosystems, the effects can be devastating. Yet many companies haven’t implemented processes and technologies to address internal incidents,” she warned.

Vilaiporn said those executives who compromise or handle their organisational crimes internally instead of involving law enforcement and initiating legal charges would also leave other firms vulnerable to repeated attacks if they were to recruit these wrongdoers in the future.

Business leaders still lag when it comes to raising effective security awareness that requires top-down communication and commitment.

Another worrisome finding is a diminished commitment to employee training and awareness programmes. Fewer than half (49%) of respondents surveyed say their company has a proper cross-organisational team to manage information security issues regularly.

Forty-two percent of respondents say their Board actively participates in an overall security strategy and just 36% say the Board is involved in security policies.
The Asia Pacific sets the pace in security practices
The Asia Pacific remains a leader in implementing strategic processes and safeguards for information security, setting the pace in various practices.

The region is most likely to have an information security strategy that is aligned to the needs of the business (66%) and to have a senior executive who communicates the significance of security across the organisation (73%).

The Asia Pacific ties with South America and North America in one key practice with 58% of respondents from the three regions say they have security standards for external partners, customers, suppliers, and vendors.

While the Asia Pacific has led the way in security spending in recent years, the region reports a 13% decline in information security budgets in 2014. Respondents also report that financial losses due to security incidents increased by 22% over 2013.


Latest Press Release

Huawei CEO:Entity list doesnt have much impact on Huawei

The Entity list doesn't have much impact on Huawei. Most of the company's advanced equipment does not contain US components, but are more efficient than before, Huawei founder and CEO Ren Zhengfei said during a recent interview. The US Commerce...

TECH5 Becomes the First ABIS Vendor to Fully Integrate Its Biometric Technologies With MOSIP(R) Identity Management Platform

TECH5 has successfully integrated MOSIP(R)1 with its T5-ABIS2 platform and Biometric SDKs for finger, iris and face recognition. TECH-5 presented a tested and ready-to-use solution with implemented biometrics to the Executive Committee and International...

86% of Users Quit Shopping Apps After 4 Weeks: New Research From CleverTap

- The ecommerce Industry Benchmark report from CleverTap highlights user engagement strategies that can help online retailers boost retention and customer lifetime value CleverTap, the full-stack customer retention platform that helps consumer brands...

Thefts from Boats Prompt New Surveillance System for Yarmouth Harbour from Dahua Technology

A video surveillance system with around 40 IP and thermal cameras from Dahua Technology has been installed at Yarmouth Harbour on the Isle of Wight. The harbour consists of a large marina, docks for the Wightlink Ferry terminal, and pontoons and boat...

Dahua Technology Partners with Pepper to Bring Heightened Security to Its Video IoT Devices

Dahua Technology, a world-leading manufacturer of video surveillance products, announced today a strategic partnership with Pepper, an IoT platform-as-a-service, to allow the integration of its intelligent solutions into Dahua hardware. Pepper's...

Related Topics