Report Shows Cyber Security Frequency and Costs Continue to Rise
As the federal government begins its annual National Cyber Security Awareness campaign for the month of October, a new report on the subject from pricewaterhouseCoopers (pwc) reveals that the total number of security incidents detected by their survey respondents climbed to 42.8 million this year, an increase of 48% from 2013. Taking a longer view, the pwc’s survey data shows that the compound annual growth rate of detected security incidents has increased 66% year over year since 2009. While these numbers are by no means definitive, says the report, they do represent only the total incidents detected and reported. Many organizations indeed are unaware of attacks, while others do not report detected incidents for strategic reasons or because the attack is being investigated as a matter of national security.
Other key findings from the report include the fact that annual financial costs of investigating and mitigating security incidents increased substantially this year, particularly among large organizations. The average financial loss for cyber security incidents across the globe is estimated at $2.7 million, an increase of 34% from 2013. In addition, the number of respondents reporting losses of $20 million or more almost doubled over 2013. The increase in financial losses is not only due to the rise in security incidents but also because of the more sophisticated compromises we’re seeing that go beyond IT to other areas of the business. “Financial losses may now include remediation of more customer impacts and not just operational disruptions”, says the report.
Moreover, internal threats from employees are the principal cause of security incidents, cites the pwc study. This is underscored by recent data collected by a cyber liability insurer: Employees are far more likely to either send emails and faxes to the wrong party (31% of data breaches) or to simply lose physical records (24%).
Disconcerting is that despite the astounding increases in cyber incidents and the insight into where many of the vulnerabilities lie, security spending has decreased 4% compared with 2013, and has remained at 4% or less of companies’ information technology budget for the past five years. “Cyber risks will never be completely eliminated, and with the rising tide of cybercrime, organizations must remain vigilant and agile in the face of a constantly evolving landscape,” said David Burg, McLean, Virginia-based PwC’s global and U.S. advisory cyber security leader, in a statement.
Caitlin Morgan offers cyber liability insurance to a wide array of businesses and organizations, including medical facilities, education institutions, and others, to help transfer many of the costs involved in what is now the new normal of cyber threats. We also provide strong risk management, which include cyber security to help mitigate exposures and prevent losses. We can help you find a cyber solution for your clients. Give us a call at 877.226.1027.