The Sky-High Cost of a Cyber-Breach

A new study by Kroll found that the financial toll of a significant cyberattack has mushroomed. In most cases, the damage amounts to at least $5 million. About one third of companies said it cost them between $10 million and $25 million. 16% said it came to more than $25 million. This includes loss of market valuation. When a company is attacked, the PR fallout is widespread. Customers, partners, and investors become wary. Stock prices fall. Attrition rates increase. New contracts are more difficult to obtain. It takes time to ride out the wave of negative publicity and return things to some kind of normalcy.

What were the top causes of incidents, according to the study? Business email compromise (BEC) via phishing scored high. 65% said it had become a problem in their organizations. 62% said the attack had come via the supply chain – an incident that originated with a third-party vendor. Publicly exposed databases were third with 53%, followed by insider threats at 41%, and ransomware at 33%. This survey, though, focused squarely on finance teams. This may have skewed results more toward BEC and away from other threats such as ransomware.

Overconfidence in High Places

Kroll also asked Chief Financial Officers about their confidence level in facing future attacks. The poll revealed what might be interpreted as a surprising level of overconfidence. While 87% expressed confidence in their organizations’ ability to thwart attacks, almost two thirds admitted that they had been subjected to at least three significant incidents in the previous 18 months. This stands in sharp contrast to how things are viewed from the Chief Information Security Officer (CISO) perspective. 66% of CISOs considered their organization to be vulnerable to cyberattack.

Some CFOs, then, may have their heads in the sand with regard to cybersecurity. The Kroll survey dug deeper: 60% of finance teams do not receive regular briefings from the security team. 37% admitted that they had never received a single update about cybersecurity during their time with the company. Maybe this disconnect between CFO and CISO perception is one of the reasons that cybersecurity investment lags behind the rate of successful data breaches. Yes, cybersecurity spending is increasing overall. 45% of organizations intend to raise security spending by 10% or more. Another 33% intend to increase it by less than 10%. For the rest, spending will either remain flat or will decrease.

Why would some plan to decrease the security budget? Cybersecurity spending in verticals like financial services has gradually been absorbing more and more of the IT budget in recent years. Per the survey, 82% devote more than 10% of their IT budget to security. 21% spend more than 20% on cybersecurity – yet the number of successful ransomware attacks, breaches, and data loss incidents continues to increase.

Clearly, it isn’t the quantity of spending that safeguards the organization. Spending in general needs to be smarter and more targeted. That’s where Syxsense Enterprise comes in. It takes endpoint security to another level by centralizing multiple point tools into one Unified Security and Endpoint Management (USEM) suite. It delivers real-time vulnerability monitoring and instant remediation for every single endpoint in your environment. It can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.