Companies affected by data breaches in 2016 lost up to 20 per cent of their revenue, according to a new study.
Cisco’s 2017 Annual Cybersecurity Report revealed that ninety per cent of these organisations are improving threat defence technologies and processes after attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent).
The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study. It highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes.
CSOs have named budget constraints, poor compatibility of systems and a lack of trained talent as the biggest obstacles to advancing their security. According to Cisco, these leaders also revealed that their security departments are “increasingly complex environments,” with 65 per cent of organisations using from six to more than 50 security products, which increases the potential for “security effectiveness gaps”.
The survey found that criminals are bringing about a “resurgence of ‘classic’ attack vectors,” such as adware and email spam. Cisco found that spam accounts for 65 per cent of email with eight to ten per cent cited as malicious.
It was revealed that more than 50 per cent of organisations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention.
Some 22 per cent of breached companies lost customers, with 40 per cent losing more than 20 per cent of their customer base. A total of 29 per cent lost revenue, with 38 per cent of them losing more than 20 per cent of revenue. Meanwhile, 23 per cent of breached firms lost business opportunities.
John N Stewart, senior vice-president and chief security and trust officer at Cisco, said: “In 2017, cyber is business, and business is cyber – that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well-managed risk.”