Good comparison of the two major reports:
How much is enough when investing in cybersecurity? The question came up in one of two new reports which examine the state of cybersecurity today. Both reports offer up a depth of information and, just as importantly, raise an opportunity for further discussion. The Ninth Annual Cost of Cybercrime study from Accenture Security was conducted by the Ponemon Institute, and the 2019 Data Breach Investigations Report comes from Verizon.
Here are a few highlights from the Verizon report:
- 69% of the breaches were perpetrated by outsiders. To that you need to add 2% by partners and 5% by multiple partners. Thirty-four percent involved internal actors.
- 43% of the breaches involved small business victims, while 16% were of public sector entities, 15% in healthcare, and 10% of financial industry organizations.
- 23% involved nation-state or affiliated actors.
- Only 71% were financially motivated while 25% were espionage.
- 56% took months to discover.
The Ponemon report told us:
- Information theft is the most expensive and fastest rising consequence of cybercrime — but data is not the only target. Core systems, such as industrial control systems, are being hacked in a powerful move to disrupt and destroy.
- Cybercriminals are adapting their attack methods. They are using the human layer — the weakest link — as a path to attacks, through increased phishing and malicious insiders. Other techniques, such as those employed by nation-state attacks to target commercial businesses, are changing the nature of recovery, with insurance companies trying to classify cyberattacks as an “act of war” issue.
- Cyberattackers have slowly shifted their attack patterns to exploit third- and fourth-party supply chain partner environments to gain entry to target systems — including industries with mature cybersecurity standards, frameworks and regulations.
- Almost 80% of organizations are introducing digitally fueled innovation faster than their ability to secure it against cyberattackers.
- Organizations are seeing a steady rise in the number of security breaches — from 130 in 2017 to 145 this year.
- The total cost of cybercrime for each company increased from $11.7 million in 2017 to a new high of $13.0 million — a rise of 12%. In the US, the average cost was $27.4 million.
- Banking and Utilities industries continue to have the highest cost of cybercrime across their sample, with an increase of 11% and 16% respectively. The Energy sector remained fairly flat over the year with a small increase of 4%, but the Health industry experienced a slight drop in cybercrime costs of 8%.
- “Our clients tell us that one of the most difficult questions when assessing their investments in cybersecurity is: How much is enough?”