79% of businesses lack comprehensive strategies to manage risk

Cyber-risks - are you prepared?
Cyber-risks - are you prepared?

A new study has revealed that security leaders are pointing the finger at the lack of staff expertise and technology. CIOs and CISO name these as key reasons that attacks keep happening, despite acute awareness of the millions of dollars in annual costs, and the business risks posed.

The study named “Security Beyond the Traditional Perimeter” by Ponemon Institute has shown that 79 percent of IT security practitioners  feel their defence infrastructure is just not up to scratch. Respondents indicated their material ability  to identify and mitigate threats is either non-existent, ad hoc or inconsistently applied throughout their enterprises.

The study also found that the companies represented in this research averaged more than one cyber-attack per month and incurred annual costs of approximately £2.65 million (US$3.5 mil) because of these attacks.

The study examined the threats, costs and responses of companies to external internet cyber-attacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company's traditional security perimeter.  

Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about external threats.

Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include mobile app monitoring (cited by 62 percent of respondents), social engineering and organisational reconnaissance (61 percent of respondents), branded exploits (59 percent of respondents) spear-phishing infrastructure (58 percent of respondents), and executive and high value threats (54 percent of respondents.)

“As external threats explode in both frequency and sophistication, forward-leaning security teams are actively prioritising external threat detection, intelligence and mitigation in their objectives,” said Roberto Drassinower, CEO of BrandProtect. “But as evidenced in today's report by the Ponemon Institute, the majority of enterprises still have a long way to go.  Despite losing millions of dollars annually to external and branded exploits, security teams are dealing with a significant readiness gap.”

The Ponemon Institute survey received 591 respondents from 505 different companies representing a wide range of industries, making this one of the most comprehensive investigative surveys to date on external threat awareness, costs, preparedness and mitigation.