About 75 percent of enterprises have experienced some sort of cyber attack in the past year and most are reporting “somewhat to extremely fast growth” in the pace of attacks, according to a survey released recnelty by the information security firm Symantec [SYMC].
Moreover, the costs of the attacks are expensive, costing businesses an average of $2 million a year, says a report accompanying the survey, 2010 State of Enterprise Security. The survey is the first by Symantec exploring the cyber threats and related costs facing entire companies and even some government agencies.
The types of costs include lost revenue, lost productivity and lost customer trust, the survey says. The types of losses include downtime of environment, theft of intellectual property and theft of customer credit card information, Symantec says.
“The costs of cyber attacks are financial, brand, stock price and a lot of other things as well,” the survey quotes an information technology (IT) operations manager at a large auto dealership as saying. “But the biggest cost is a ruined reputation. Who wants to do business with a company that cannot protect their customers’ information?”
The survey included over 2,100 enterprises in 27 countries, with respondents including chief information officers, chief information security officers and senior IT management, portraying their security experiences.
Symantec presents four key findings from its survey. The first is that enterprise security is the top concern among IT managers.
That’s “interesting” because in the past it was things like cost and infrastructure but now “it’s getting more difficult to secure” enterprise IT systems, Matthew Steele, director of Strategic Technology at Symantec, told sister publication Defense Daily.
On average, IT departments have 120 staff assigned to security and compliance and at large enterprises the number is 232, the survey says. And over 90 percent of organizations expect to make changes to their cyber security efforts this year, it adds.
The second finding is that enterprises are experiencing frequent attacks. Of the 75 percent of enterprises that have experienced an attack in the past year, 18 percent are attacked on a regular basis and 11 percent have either a large or extremely large number of attacks, Symantec says.
“The target of the attacks is data,” Steele said. “They are out there stealing information from companies.”
As for the costs to enterprises from cyber attacks, large organizations average close to $2.8 million annually, the survey says.
Finally, Symantec finds that enterprise security is also becoming more difficult. This is in part because of understaffing, which is compounded by new IT initiatives and technologies that are making security more difficult, the survey says.
These initiatives include things like infrastructure-as-a-service and server virtualization and technologies such as cloud computing, the survey says.
The findings in the survey largely track Symantec’s observations from its previous reports, which are based on data provided from partners as well as its own statistics generated by software and sensors it has deployed, Steele said.