Cyber-Security Breaches Hit 90 Percent of Businesses: Report

By Nathan Eddy  |  Print this article Print

The Ponemon Institute survey found only 11 percent of respondents know the source of all network security breaches.

A survey of U.S. IT security professionals, conducted by Ponemon Institute and sponsored by Juniper Networks, found the threat from cyber-attacks today is nearing statistical certainty and businesses of every type and size are vulnerable to attacks. Organizations today are experiencing multiple breaches, with more than half (59 percent) of respondents citing two or more breaches in the past 12 months.

Overall, companies indicate that security breaches have cost them a least half a million dollars to address in terms of cash outlays, business disruption, revenue losses, internal labor, overhead and other expenses. Most respondents (59 percent) report that the most severe consequence of any breach was the theft of information assets, followed by business disruption.

Additionally, security attacks are on the rise, with 43 percent of respondents indicating there has been a significant increase in the frequency of cyber-attacks during the past 12 months and 77 percent saying these attacks have become more severe or difficult to detect or contain. As a result of these multiple breaches, more than one-third (34 percent) of respondents say they have low confidence in the ability of their organization's IT infrastructure to prevent a network security breach.

"Our survey research provides evidence that many organizations are ill-equipped to prevent cyber-attacks against networks and enterprise systems," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "This study suggests conventional network security methods need to improve in order to curtail internal and external threats."

The survey found only 11 percent of respondents know the source of all network security breaches, and almost half (48 percent) cited complexity as one of their biggest challenges to implementing network security solutions—with the same percentage of respondents saying it is due to resource constraints. Combating cyber-attacks can be made more effective by streamlining or simplifying network security operations, said 76 percent of respondents.

Seventy-five percent say their effectiveness would increase by implementing end-to-end solutions, and 28 percent are earmarking more than 10 percent of their budgets to security to address these issues. Employee mobile devices and laptops are seen as the most likely endpoint from which serious cyber-attacks are unleashed against a company, the survey found, and the top two endpoints from which these breaches occur are employees' laptop computers with 34 percent and employees' mobile devices with 29 percent.

"The size and complexity of today's security threats continue to intensify, leaving organizations and governments vulnerable to cyber-attacks," said Mark Bauhaus, executive vice president and general manager of Juniper Networks' device and network services business group. "Business leaders need to consider a more aggressive, systemic security approach—implementing end-to-end comprehensive protection at all points in the network to help mitigate risk."