State of Cybercrime 2017: Security events decline, but not the impact

Even as the average number of security events dropped year-over-year, events that resulted in a loss or damage rose, and fewer companies reported no losses.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The past year has been tough for enterprise security teams. Attacks like Petya and NotPetya suggest that the impact scale is increasing dramatically. The recent leak of government-developed malware and hoarded vulnerabilities has given cybercriminals greater capabilities. IT is struggling to keep pace with the flow of important security software patches and updates, and the continued adoption of new technologies like the internet of things (IoT) creates new vulnerabilities to contend with.

All this has driven many companies to do some soul searching about how they address cybercrime threats, according to a new survey from CSO. Its results provide insight into not only the nature and scope of the threats that U.S. businesses face, but exactly how those businesses are responding.

idg presentation cybercrime coverCSO

Become an Insider member and download the 2017 U.S. State of Cybercrime report.

The 2017 U.S. State of Cybercrime survey is conducted annually by CSO in partnership with the US Secret Service and CERT at the Software Engineering Institute at Carnegie Mellon University. This year’s survey is sponsored by Forcepoint. Of the 510 respondents, 70 percent were at the vice president level or higher across all industries and the public sector, including the 35 percent in corporate management. The average IT security budget of the companies represented is $11 million. 

Getting more serious about security

Security is getting more mindshare at the corporate level and more resources, even if in some cases the gains are incremental. Twenty percent of CSOs/CISOs now report to the board of directors on a monthly basis, up from 17 percent last year. Yet 61 percent of the boards still see security as an IT issue rather than a corporate governance issue. That number is barely down from last year’s 63 percent.

[For more on the State of Cybercrime in 2017, register to download the survey results.]

To continue reading this article register now