More than 9,700 security, IT, and business executives across the globe — including 85 from New Zealand — participated in the Global State of Information Security Survey 2015.
Findings show that the number of detected incidents leapt 48 per cent, to 42.8 million, the equivalent of 117,339 attacks per day in 2013 and this increase comes at great cost with total financial losses attributed to security compromises increasing 34 per cent over 2013. Detected security incidents have increased 66 per cent year-over-year since 2009, the survey data indicates.
"It's come as no surprise that the rising incidents and associated financial impacts continue to increase," says van Hest. "The scale of the breaches is much larger and their impact extends to C-suite and the boardroom, with insider incidents and high-profile crimes on the rise."
Globally, big losses have been more common this year as organisations reporting financial hits in excess of US$20 million nearly doubled. Despite greater levels of concern, the survey found that global information security budgets actually decreased 4 per cent compared with 2013. Security spending as a percentage of IT budget has remained stalled at 4 per cent or less for the past five years.
"New Zealand organisations are bucking this trend however and 67 per cent plan to spend more on their security budgets in the next 12 months. Hopefully this means the increased level of activity in ownership of the issues and a strategic approach is now translating into investment and action.
"Organisations will need to identify and invest in cyber security practices that are most relevant to today's advanced attacks. It's important that their processes are fully integrated for predictive, preventive, detective and incident-response capabilities to minimise the likelihood and impact of incidents.
Meanwhile, high profile attacks by nation-states, organised crime and competitors are among the least frequent incidents, yet the fastest-growing cyber threats. This year, respondents who reported a cyber-attack by nation-states increased 86 per cent — and those incidents are also most likely under-reported. The survey also found a striking 64 per cent increase in security incidents attributed to competitors, some of whom may be backed by nation-states.
"It is vitally important for companies to focus on rapid detection of security intrusions and to have an effective, timely response. Given our interconnected business ecosystem, it is equally as important to establish policies and processes regarding third parties. Larger organisations need to be particularly wary as they're more likely to be targets since they offer more valuable information and their size and complexity make attacks less likely to be detected.
"Organisations must change from focusing on prevention and controls for security, to an information-centric and risk-based approach that uses controls to enable the business Information is a powerful business asset and the right approach to security and privacy will empower organisations to maximise its potential," says van Hest.
Sign up for CIO Asia eNewsletters.