Many firms lack robust cybersecurity, report finds

on Jun 2, 14 • by Chris Bubinas

As hackers and cybercriminals continue to evolve, high-quality cybersecurity is a must for just about every business. The news is regularly filled with reports of companies suffering significant data breaches due to insufficient data protection efforts. Yet despite this coverage, many companies still lack robust cybersecurity tools and practices, as a recent Ponemon Institute report revealed.

Cybersecurity shortcomings
This study, sponsored by Websense, included survey responses from nearly 5,000 IT security professionals from around the world. These experts expressed a wide-ranging lack of confidence in companies' cybersecurity efforts and preparedness. Fifty-seven percent of participants indicated that their organizations do not do enough to protect themselves from advanced cyberthreats. More than two-thirds of study respondents said that cybersecurity threats at least occasionally fall through the cracks at their companies.

"This global security report shows that the cybersecurity industry still has more work to do when it comes to addressing cyberattacks," said John McCormack, CEO of Websense. "Security professionals need effective security measures and heightened security intelligence to keep organizations safe from advanced attacks and data loss."

Attack alerts
These attacks are becoming more prevalent. The Ponemon Institute study found that 44 percent of participating IT professionals had experienced at least one substantial cyberattack at their organization in the past 12 months.

Additionally, respondents indicated that their firms lack the means of accurately identifying or understanding these incursions. Nearly six-tenths of participants said their companies are unsure about attempted cyberattacks and the consequences of such efforts. More than half said that their cybersecurity solutions cannot identify the root causes behind any given cyberattack, and 35 percent of respondents whose firms had lost sensitive data could not identify precisely what information was stolen.

Only 41 percent of respondents said that they have a good understanding of the nature and breadth of the threats their companies now face.

"While there are significant differences among countries for specific questions (such as availability of cyberattack intelligence), the overall analysis indicates that a majority of security professionals do not feel adequately armed to defend their organizations from threats," said Larry Ponemon, chairman and founder of the Ponemon Institute.

Dangerous misconceptions
Making matters worse, the study found that many business leaders do not appear to appreciate the full significance of data breaches. Four-fifths of the IT security professionals surveyed said that their company decision-makers do not equate the loss of sensitive data with the loss of potential revenue.

But the Ponemon Institute's research suggests that there is a very clear connection between these two. On average, every record lost or stolen during a data breach will cost a company approximately $188. Considering the typical size and extent of data breaches, the average cost of these incidents is $5.4 million.

Obviously, these statistics suggest that companies that fail to adequately invest in cybersecurity measures are not saving money. On the contrary, firms are simply setting themselves up for greater losses down the line.

Improvements needed
It is therefore in every company's best interest to take strong steps to ramp up its cybersecurity as much as possible. To this end, high-quality software security tools are essential for any firm engaged with software development. For example, static code analysis solutions can identify potential reliability issues or vulnerabilities early on, before the code is pushed out. By incorporating automation into these processes, firms can add a much more reliable, robust layer of security than would be possible with less sophisticated solutions.

Learn more:
• Learn how to protect your code from common injection attacks (PDF)
• Read how, despite the Heartbleed flaw, open source isn’t doomed
