Survey Shows U.S. Organizations Need More Improvement To Counter Cybercriminals


Despite a surge in both the number of detected cybersecurity incidents and the financial costs associated with such breaches, a new report shows that U.S. organizations lack the necessary defenses to effectively counter evolving cybersecurity threats.

The 2014 U.S. State of Cybercrime Survey outlines significant shortcomings that leave organizations lagging behind their criminal counterparts. PricewaterhouseCoopers, CSO Magazine, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University co-sponsored the survey.

Below are some of the survey’s key findings based on data collected from more than 500 executives from U.S. businesses, law enforcement and government agencies.

Heightened Concern about Cybersecurity Threats

Organizations are clearly aware of the security threats posed by technology, with 59% of respondents indicating they are more concerned about cybersecurity this year than in the past. This may be in response to an increase in information-security incidents — both in the headlines and experienced first-hand. More than three in four respondents have experienced a data breach in the last year; 34% have detected more security incidents in the last 12 months than in the previous year.

Organizations not Properly Prioritizing and Investing in Cybersecurity

While organizations have serious concerns about cybercrime threats, 38% of respondents omit a key step in implementing an effective cybersecurity program by not prioritizing cybersecurity investments based on their individual risk. In particular, many organizations are not properly investing in the people and processes that would allow them to rapidly respond to and mitigate incidents. Researchers noted that organizations should carefully allocate their spending based on their particular industry, geography, key assets and other factors, and design cybersecurity programs with enough flexibility and agility to enable a quick response to evolving and multiplying threats. Consequently, organizations should place emphasis not only on preventing attacks but also on detecting and responding to them to minimize their impact.

Insider Threats not Adequately Addressed

Some 28% of respondents reported attacks by insiders, and 32% indicated that these were more costly and damaging than outside attacks. Yet less than half (49%) of those surveyed have a plan in place to safeguard against and respond to attacks from employees and other inside sources.

Collaboration and NIST Cybersecurity Framework Can Enhance Effectiveness

The report highlights two ways organizations can more effectively deal with cybercriminals: collaboration and the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework. The report illustrates the value of collaboration by pointing to data from a separate cybersecurity survey in which 82% of companies with high-performing security practices actively worked with others to increase their knowledge about security measures and threat trends. Additionally, while highlighting the benefits of the NIST framework's voluntary, proactive risk-management approach to managing and mitigating cybersecurity risks, the report found that the vast majority of respondents' cybersecurity programs fell far short of NIST's standards.

The report concludes by urging organizations to adopt the NIST framework to help improve their cybersecurity programs and possibly stem regulatory violations and other liability. Whatever the approach, organizations need to implement information security training as an important step in safeguarding against criminals and their evolving techniques and methods.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising
