Cyber crime remains the leading business risk for organisations of all sizes.
According to Symantec's 2011 State of Security survey, this is the second year in a row that cyber security has ranked higher than traditional crime, natural disasters and terrorism. Of the 3,300 C-level professionals from 36 countries surveyed, the majority of respondents suffered damages as a result of cyber attacks, yet more reported a decline in the number and frequency of attacks compared to 2010.
Despite there being a drop in the number of respondents who saw attacks in the past 12 months, with 71 per cent reporting attacks in comparison to 75 per cent in 2010, 92 per cent of companies saw losses from cyber attacks in 2011, down from 100 per cent last year.
Cyber security was named as somewhat or significantly more important than 12 months ago according to 41 per cent of respondents while in contrast, only 15 per cent think it is somewhat or significantly less important.
Greg Day, EMEA security CTO and director of strategy at Symantec told SC Magazine that while 71 per cent of businesses reporting attacks is high, the biggest cost is downtime.
Another statistic was that according to their own assessment, 52 per cent of the respondents said they are doing somewhat or extremely well in addressing routine security measures, while 51 per cent reported that they are doing somewhat or extremely well in responding to security attacks or breaches.
Day said: “This shows that most are dealing better with attacks, but the growth area is targeted attacks. They get into the chinks in the armour and my belief is that businesses realise that they need to change tactics with the way that they cope with attacks.”
Asked if the advanced persistent threat (APT) is a rising concern within organisations, Day said it was, but it was important to know the difference between an APT and a targeted attack.
“No matter how much security you add, there will always be a way in. Even if you are not a global company, more organisations are seeing attacks and with so many tools and techniques available, it is becoming so easy,” he said.
The survey further found that 29 per cent of companies experience attacks on a regular basis, while 21 per cent said that the frequency of attacks is increasing with the top attack vectors being malicious code, social engineering and external malicious attacks.
Sean Doherty, vice president and chief technology officer of enterprise security at Symantec, said: “There's no question that attackers are using more insidious, sophisticated and silent methods to steal data and wreak havoc. Organisations today have more to lose than ever before and need to keep adopting the security innovations and best practices that the industry is delivering to stay protected.”