Why Business Is Losing The War Against Cybercrime

iStock InfoSec

Price Waterhouse (PwC) and CSO Magazine just released their 2013 State of Cybercrime Survey. It shows that lack of risk awareness means companies are poorly defended. This is their 11th survey and the trends are not good. Reason is that cybercrime is skyrocketing but cyber security budgets have not budged and are too low to cope with this new threat.

The bad guys are winning the cybercrime war at the moment. It's because the good guys do not understand their enemies and because of that, they are not fighting back effectively. The survey was done over 500 U.S.  executives, security experts and others from both public and private sectors.

Proof that awareness is low, is that actual simulated phishing attack results show that an average of 33% of C-level executives are taking the bait and fall for simple or sophisticated spear phishing attacks. 

"There were no significant changes in C-Suite threat awareness, no spikes in spending on cyber-defense, no breakthroughs in the use of technology to combat cybercrime, and no significant change in the ability of organizations to measure the impact of both cybercrimes committed by insiders and those caused by external cyberattacks," the survey reported.

That, according to Dave Burg, PwC Global and US advisory cyber security leader, has been the case for a decade. "(We) have seen virtually no movement by survey respondents in the past 10 years," he said.

"Possibly the most alarming theme that came out of this year's survey results was that U.S. organizations are misjudging the severity of risks they face from cyber-attacks from a financial, reputational, and regulatory perspective," said Bob Bragdon, vice president and publisher, CSO.

Over the last five years, cybercrime has gone pro. This is now a 3 Billion dollar industry, with a well-developed underground economy that has escrow services which allow criminals to do buy and sell services and stolen data.

IT Security company Trend Micro's recent research showed that 91% of successful data breaches started with a spear-phishing email. This type of social engineering attack can only be repelled by high quality security awareness training for all employees from the Board down to the mail room.

A survey like this sometimes makes for great ammo to get more security budget.

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews