Friday, November 8, 2013

Kaspersky Lab 2013 Global Corporate IT Security Risks

34% of respondents ranked protection from incidents as the top priority

Kaspersky Lab, in partnership with research company B2B International, conducts regular surveys focusing on the key IT security issues and cyber threats which worry businesses.

The survey aimed to find out what representatives of these companies thought of corporate security solutions, to ascertain their level of knowledge about cyber threats, what cyber security related problems they most often face, how they address these problems and what they expect in the future.

2013 Kaspersky Lab and B2B International survey results provided below reflect the opinions of companies on key issues related to the security of the corporate IT infrastructure.

They also reflect the changes that have taken place since the previous two studies. Comparing current and historical data helps to identify and analyze existing trends in this area, ultimately creating a complete and, we believe, objective picture of the threat landscape, as well as future problems and trends affecting corporate IT security.

Main Findings

According to the survey results, one of the major problems facing businesses is the creation of a clear IT infrastructure development strategy with an information security strategy at its heart.

Companies are increasingly determined to secure their IT infrastructure in the light of increasing numbers of incidents – and significant financial losses associated with them. The main findings of the survey are:

  • Maintaining information security is the main issue faced by a company’s IT management.
  • In the past 12 months, 91% of the companies surveyed had at least one external IT security incident and 85% reported internal incidents.
  • A serious incident can cost a large company an average of $649,000; for small and medium-sized companies the bill averages at about $50,000.
  • A successful targeted attack on a large company can cost it $2.4 million in direct financial losses and additional costs.
  • For a medium-sized or small company, a targeted attack can mean about $92,000 in damages – almost twice as much as an average attack.
  • A significant proportion of incidents resulting in the loss of valuable data were internal, caused by issues such as unclosed vulnerabilities in software used by the company, intentional or negligent actions of employees or the loss or theft of mobile devices.
  • Personal mobile devices used for work-related purposes remain one of the main hazards for businesses: 65% of those surveyed saw a threat in the Bring Your Own Device policy.
  • Information leaks committed using mobile devices – intentionally or accidentally – constitute the main internal threat that companies are concerned about for the future.

For the full report in PDF format, click here.

No comments: