U.S.

Organizations Are Still

LOSING THE
CYBERWAR
To Hackers in 2014
Current State of Cybercrime Hits Home
59%
of surveyed respondents were more concerned about
cybersecurity than the previous year, here is why:
of companies have a
methodology to prioritize
security investments
based on risk and impact
to business strategy.
Only 38%
77%
of organizations have
reported a security event
in the past 12 months.
135
average cyber incidents per
organzation in the last year.
34%
said the number of
security incidents
increased over
previous year.
of U.S. respondents are
worried about the impact
of cyber threats to their
business growth
prospects, compared
with 49% of
global CEOs.
69%
Lack of Cybersecurity Leadership
Costs Organizations
of those who detected a
security incident were not
able to estimate the
financial costs.
69%
could estimate the average
annual monetary loss and
claimed it was
ONLY 33%
$415,000
of all U.S. entities reported financial losses of
19%
$50,000 - $1 MILLION
Study Reveals 8 Major Cybersecurity Concerns
Most organizations
do not take a
strategic approach
to cybersecurity
spending
Organizations do
not assess security
capabilities of third-
party providers Supply chain risks
are not understood
or adequately
assessed
Security for
mobile devices is
inadequate and has
elevated risks
Cyber risks are
not sufficiently
assessed
Organizations do
not collaborate to
share intelligence
on threats and
responses
Insider threats are
not sufficiently
addressed
Employee training
and awareness is
very effective at
deterring and
responding to
incidents, yet
lacking at most
organizations
1
2
3
4
5
6
7
8
Combatting Cybercrime Involves Collaboration
and Strategic Spending
of companies with
high-performing security
practices collaborate with
others to deepen their
knowledge of security and
threat trends.
82%
of CSOs expect their time
with business leaders to
increase over the next
three years.
79%
are placing more value on
risk management in the next
12 months while 49%
expect their budgets to
increase in that same span.
61%
$683,000
Companies without security training for
new hires reported average annual losses of
for those who do have training.
RISK
MANAGEMENT
say insider crimes are more
costly or damaging than
incidents perpetrated by
outsiders. However, 49%
of all respondents have a
plan for responding to
insider threats.
32%
Cybercrime is a clear, present,
and permanent danger. While its
a permanent condition, however,
the actors, threats, and
techniques are very dynamic.
Tom Ridge,
CEO of Ridge Global
and first secretary of
the U.S. Department
of Homeland Security
In todays cybercrime environment, security decision-makers rely on CSO
and their partners for the latest in security solution products and services.
Contact Bob Bragdon, Publisher, CSO at bbragdon@cxo.com or visit
www.csomediakit.com to learn how CSO is helping to lead the fight against
cybercrime and to request the full results of this study.
Sources: 2014 U.S. State of Cybercrime Survey from CSO,
PwC, U.S. Secret Service, and CERT Division of Software
Engineering Institute at Carnegie Mellon University; 2014
State of the CSO Study; PwCs Annual Global CEO Survey 2014;
PwC, Global Economic Crime Survey 2014, February 2014
Over 500 U.S. executives, security
experts, and others from private and
public sectors responded to the 2014
U.S. State of Cybercrime Survey.
CEOs Make Headlines Following Breaches
compared to $182,000
Security Decision-Makers Collaborate with CSO
and their Trusted Partners
Target CEO Resignation
Highlights Cost of
Security Blunders
10 Mistakes
Companies Make
After a Data Breach
Apple CEO Says
iCloud Security Will
Be Strengthened
csoonline.com, September 2014 csoonline.com, May 2014 csoonline.com, November 2013
on average