2012 CyberSecurity Watch Survey Results

2012 Cyber Security Watch Survey ResultsApril 2012

2

Organizations Experiencing Increase in Number of Security Events

28%

31%

12%

10%

39%

41%

21%

18%

2011

2012

Number of Security Events During the Past 12 Months vs. the Prior 12 Months

Increased Decreased No change Not sure

Q: Please estimate the total number of cyber security events experienced by your organization during the last 12 months.

Q: When compared with the prior 12 months, cyber security events in your organizations have:Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012

Average Number of Events

< 1,000 = 221,000+ = 300

Average Number of Events

< 1,000 = 271,000+ = 94

3

Concern About Cyber Crimes Increasing

2012

Q: Are you more concerned or less concerned about cyber security threats posed to your organization this year than those you encountered the year before?

Source: 2012 Cyber Security Watch Survey, CSOmagazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte, April 2012

66%More concerned

2%Less

concerned

32%Level of concern has not changed

2011

5%Less

concerned

56%More concerned

40%Level of concern has not changed

4

Financial Impact of Cyber Security Events on the Rise

Q: When compared with the prior 12 months, monetary losses as a result of cyber security events in your organization have:

Q: Please estimate the total monetary value of losses your organization sustained due to Cyber Crime and Advanced Persistent Threats during the past 12 months, including costs associated with resolving all issues associated with the incident.

16%

16%

23%

10%

10%

7%

35%

43%

47%

42%

31%

23%

2010

2011

2012

Increased Decreased No change Not sure


23% 7% 47% 23%

16% 10% 43% 31%

16% 7% 35% 42%

$374kaverage monetary

loss due to Cyber Crime attacks in the past 12

months, up from $123k in 2011.

Not Sure2010 – 42%2011 – 31%2012 – 23%

Is this a false sense of

knowledge?

5

Majority have Evaluation Process for Third Party Partners

Q: Do you have a process for evaluating the security of third parties with whom you share data or network access?


57%Yes, we have a process in place

29%No, we do not have a process

in place

14%Not sure/Don’t know

Q: On average, how often do you evaluate the security of third parties with whom you share data or network access?

28%Evaluate third party partners security more

than once a year.

36%Do Not Evaluate

6

Less Than Half Have Methodology to Measure Security Effectiveness

Q: Do you have a methodology that helps you determine the effectiveness of your organization’s security programs based on clear measures?


2012 2011

48%Yes

32%No


41%Yes

30%No


7

Insider Cyber Crime Characteristics

Q: Of the insiders who committed cyber crimes against your organization in the past 12 months, please indicate the percentage (average) who displayed these characteristics:


2%

4%

9%

14%

14%

19%

50%

Violence towards coworkers

Demotion

Disruptive workplace behavior

Poor performance reviews

Formal reprimands/disciplinary action

Manager concern about behavior/performance

Violation of IT security policies

8

To Learn More

Please contact SVP, Group Publisher & CMO, Bob Melk at

[email protected]

2012 CyberSecurity Watch Survey Results

Documents

Transcript of 2012 CyberSecurity Watch Survey Results