Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

3Ds of organisational cybersecurity – Deficient, disconnect, and in the dark: Ponemon Institute

Zafirah Salim | May 12, 2014
The first-part of Ponemon Institute’s study revealed a deficit in enterprise security systems, a disconnect in how confidential data is valued, and limited visibility into cybercriminal activity.

There is a deficit in security solution effectiveness, a disconnect regarding the perceived value of confidential data, and limited visibility into cybercriminal activity.

This is according to findings of a first-part study conducted by Ponemon Institute titled “Exposing the Cybersecurity Cracks: A Global Perspective”. The study, sponsored by computer security software company Websense Inc, surveyed approximately 5,000 IT security professionals across 15 countries.

Deficient in security solution effectiveness

Findings revealed that security professionals have systems that fall short in terms of protection from cyber attacks and data leakage. As such, there is a global consensus that security professionals need access to heightened threat intelligence and defenses. Since the security landscape is constantly evolving, the ability to anticipate, identify and reduce threats, are critical.

There is a deficiency in an organisation’s ability to protect against  cyber attacks since they do not have the right technology to stop data loss and theft. Results have shown a worrisome cybersecurity trend – 57 per cent of respondents do not think that their organisation is protected from advanced cyber attacks.

More than half of the respondents (63 percent) doubt they can stop the extraction of confidential information; and only 26 percent agree that it is possible to create a security programme that can withstand all targeted attacks. Therefore, it is not surprising that most respondents (69 percent) say that cybersecurity threats sometimes fall through the cracks of their companies’ existing security systems.

  • 44 percent of surveyed companies experienced one or more substantial cyber attacks (this refers to infiltrated networks or enterprise systems) in the past year. 
  • 59 percent of companies do not have adequate intelligence or are unsure about attempted attacks and their impact.
  • Furthermore, 51 percent say they are unsure if their security solutions inform them about the root causes of an attack.

Disconnect on the perceived value of confidential data

There is a distinct gap between data breach perception and reality. Despite the average cost of an organisational data breach estimated at $5.4 million, respondents believe that executive teams do not seem to understand the potential revenue loss to their business.

  • 80 percent of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue.
  • 48 percent say their board-level executives have a sub-par understanding of security issues. This figure has not been measured in previous surveys, but it is presumed that cybersecurity awareness has most likely increased over the last few years.

Limited visibility into cybercriminal activity

Research revealed that security professionals find it difficult to keep track of the threat landscape, and 7 percent of the respondents are unsure if their organisation suffered a cyber attack in the past year. 

  • Less than half of the respondents (41 percent) believe they have a good understanding about the threat landscape facing their company
  • Only 37 percent of respondents could say with certainty that their organisation lost sensitive or confidential information as a result of a cyber attack. 
  • 35 percent of those who had lost sensitive or confidential information did not know exactly what data had been stolen.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.