Post on 28-Apr-2015
description
2012 Cyber Security Watch Survey ResultsApril 2012
2
Organizations Experiencing Increase in Number of Security Events
28%
31%
12%
10%
39%
41%
21%
18%
2011
2012
Number of Security Events During the Past 12 Months vs. the Prior 12 Months
Increased Decreased No change Not sure
Q: Please estimate the total number of cyber security events experienced by your organization during the last 12 months.
Q: When compared with the prior 12 months, cyber security events in your organizations have:Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
Average Number of Events
< 1,000 = 221,000+ = 300
Average Number of Events
< 1,000 = 271,000+ = 94
3
Concern About Cyber Crimes Increasing
2012
Q: Are you more concerned or less concerned about cyber security threats posed to your organization this year than those you encountered the year before?
Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
66%More concerned
2%Less
concerned
32%Level of concern has not changed
2011
5%Less
concerned
56%More concerned
40%Level of concern has not changed
4
Financial Impact of Cyber Security Events on the Rise
Q: When compared with the prior 12 months, monetary losses as a result of cyber security events in your organization have:
Q: Please estimate the total monetary value of losses your organization sustained due to Cyber Crime and Advanced Persistent Threats during the past 12 months, including costs associated with resolving all issues associated with the incident.
16%
16%
23%
10%
10%
7%
35%
43%
47%
42%
31%
23%
2010
2011
2012
Increased Decreased No change Not sure
Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
23% 7% 47% 23%
16% 10% 43% 31%
16% 7% 35% 42%
$374kaverage monetary
loss due to Cyber Crime attacks in the past 12
months, up from $123k in 2011.
Not Sure2010 – 42%2011 – 31%2012 – 23%
Is this a false sense of
knowledge?
5
Majority have Evaluation Process for Third Party Partners
Q: Do you have a process for evaluating the security of third parties with whom you share data or network access?
Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
57%Yes, we have a process in place
29%No, we do not have a process
in place
14%Not sure/Don’t know
Q: On average, how often do you evaluate the security of third parties with whom you share data or network access?
28%Evaluate third party partners security more
than once a year.
36%Do Not Evaluate
6
Less Than Half Have Methodology to Measure Security Effectiveness
Q: Do you have a methodology that helps you determine the effectiveness of your organization’s security programs based on clear measures?
Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
2012 2011
48%Yes
32%No
20%Not sure/Don’t know
41%Yes
30%No
29%Not sure/Don’t know
7
Insider Cyber Crime Characteristics
Q: Of the insiders who committed cyber crimes against your organization in the past 12 months, please indicate the percentage (average) who displayed these characteristics:
Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012
2%
4%
9%
14%
14%
19%
50%
Violence towards coworkers
Demotion
Disruptive workplace behavior
Poor performance reviews
Formal reprimands/disciplinary action
Manager concern about behavior/performance
Violation of IT security policies
8
To Learn More
Please contact SVP, Group Publisher & CMO, Bob Melk at
bmelk@idgenterprise.com