According to FBI Director James Comey, “Cybercrime is becoming everything in crime… it’s an epidemic.” Attacks are increasing, costs are rising, consumer confidence is plummeting, and organizations’ responses are largely inadequate. What can you do to mitigate the increasing threats?
Attacks are increasing
There were 1.5 million monitored cyber attacks in the US in 2013 according to IBM, and that number is increasing daily.
Cisco’s 2014 Annual Security Report found that 50,000 network intrusions are detected every day.
2014 has seen massive data breaches at numerous high-profile organizations, resulting in the loss of billions of records, and a huge rise in costs for affected companies. See our November list of breaches and cyber attacks for the latest information.
Costs are rising
As Verizon’s 2014 Data Breach Investigations Report states, “The costs of a data breach can be enormous. And it’s not just the remediation costs and potential fines; the damage to your reputation and loss of customer confidence could impact your success for years. Many companies never recover from a major data breach.”
The average cost of a data breach increased from $5.4 million in 2012 to $5.9 million in 2013 according to Ponemon Institute’s 2014 Cost of Data Breach Study: United States, and the cost per record increased from $188 to $201. Organizations large and small really suffer when hit by a cyber attack.
- Home Depot’s data breach is estimated to have cost the company $43 million so far.
- Costs associated with Target’s breach have reached $148 million.
- JPMorgan Chase’s new security program, introduced after the bank lost the records of over 76 million households, will cost $250 million a year.
Consumer confidence is plummeting
A recent survey carried out by Pew Research Center’s Internet Project found that 91% of Americans believe they’ve lost control over how their personal information is collected and used by companies.
IT Governance’s Boardroom Cyber Watch Survey 2014 found that 46% of US companies have been asked for IT security credentials by customers in the past 12 months.
Ponemon Institute’s 2014 Cost of Data Breach Study: United States reports that “companies are losing more customers following a data breach. The average abnormal churn rate between 2013 and 2014 increased 15 percent.”
The response is inadequate
Although PwC’s Global State of Information Security Survey 2015 found that security budgets rose to $4.3 million in 2013, a gain of 51% over 2012, it also notes that “many respondents do not adequately safeguard their high-value information,” “deployment of mobile security has not kept pace with use,” and “almost half of respondents use cloud computing, but they often do not include cloud in their security policies.”
An international best-practice approach
Organizations that want to protect their information and prove their cyber security credentials are advised to implement ISO 27001.
ISO 27001 is the international information security management standard that sets out the requirements of an information security management system (ISMS), and against which enterprises can achieve certification to demonstrate their compliance with international best practices.
The Standard is growing in popularity and reputation: certifications to ISO 27001 increased 29% from 2012 to 2013 in the US according to the latest ISO survey, and numbers are only expected to grow.
IT Governance’s fantastic Thanksgiving deals provide great savings for North American customers on essential ISO 27000 books, tools, training, and standards, including 30% off ISO 27001 training courses.