- Data breaches are a rapidly growing problem for businesses worldwide.
- Data breaches are having increasingly disastrous consequences for business.
- Data breaches disrupt businesses in a variety of ways.
Cyber insecurity: Managing threats from within is an Economist Intelligence Unit report, sponsored by Proofpoint. To explore the frequency and severity of people-centric data breaches, the EIU surveyed more than 300 corporate executives, including CIOs, CISOs and other IT executives, finance and line-of-business leaders, with roughly equal numbers located in North America, Europe and Asia/Pacific.
The EIU supplemented the survey results with in-depth interviews with senior executives. We would like to thank all survey respondents for their time and insights. Eric Laursen wrote the report and Gilda Stahl was the editor.
The following senior executives (listed alphabetically by company) were interviewed for the research programme:
- Adrian Ludwig, CISO, Atlassian
- Deborah Wheeler, CISO, Delta Air Lines
- Prasanna Ramakrishnan, global head of information security risk, Signify (previously Philips Lighting)
Data breaches, defined broadly as the intentional or unintentional release of secure or private/confidential information into an untrusted environment, are a rapidly growing problem for businesses worldwide. People-centric threats—from phishing to lost or stolen devices to activity on an unsecure network to lost or stolen passwords—can be at least as crippling as more arcane technical glitches and oversights.
This poses a delicate problem. While companies can exert some control by introducing better security measures such as two-factor authentication, centralised logging, and restrictions on web browsing and personal email, they must ultimately depend on human beings to follow best practices and share information about incidents, which can help them anticipate and prevent similar events.
To gauge the frequency and severity of such weaknesses, their causes and the steps companies are taking to address them, The Economist Intelligence Unit surveyed more than 300 corporate executives, including CIOs, CISOs and other IT executives, finance and line-of-business leaders, with roughly equal portions located in North America, Europe and Asia/Pacific.
Confronting data breaches
Data breaches are having increasingly disastrous consequences for business. As a result of a massive 2017 data breach that exposed the personal identity information of more than 148m people, Equifax in July agreed to pay $425 million to help the victims and $275 million in civil penalties, the largest such monetary settlement to date.
An overwhelming majority (86%) of survey respondents say their organisation has experienced at least one data breach in the past three years, with well over half (60%) saying they have experienced at least four. Large companies ($500 million or more in annual global revenues) are especially vulnerable; more than two-thirds (68%) have experienced at least four data breaches in the past three years, compared with 53% of smaller companies.
Data breaches disrupt businesses in a variety of ways. Survey respondents most frequently cited the following in their top three: loss of revenue (33%), especially at large companies (38%); loss of clients (30%); and termination of staff involved (30%).
The problem is only growing. Nearly half of survey respondents (47%) say it’s very or extremely likely that they will face a major data breach in the next three years. Not surprisingly, companies that have experienced one or more data breaches in the past three years are far more likely to anticipate another one in the next three years than companies that haven’t (53% vs. 9%).
Many companies, however, are still in the early stages of devising an effective strategy for preventing and responding to data breaches and mitigating their effects. “Not everybody understands yet that a huge company can be brought to its knees by one of these attacks,” says Prasanna Ramakrishnan, global head of information security risk at Signify (formerly Philips Lighting). “We have to be able to get to a predictable structure of security.”