Over one third of organisations that experienced a cyber security breach in 2016 reported customer, opportunity and revenue loss of more than 20%, Cisco claims in a new study, the Cisco 2017 Annual Cybersecurity Report (ACR).
The survey of 3,000 chief security officers (CSOs) and security operations leaders in 13 countries reveals that 22% of breached organisations lost customers, of which 40% lost more than 20% of their customer base; 29% lost revenue, of which 38% reported losses of more than 20%; and 23% lost business opportunities, of which 42% lost more than 20%.
After experiencing a breach, 90% of affected organisations chose to improve their defences and processes by separating IT and security functions (38%), increasing security awareness training for employees (38%) and implementing risk mitigation techniques (37%).
Budget constraints, poor compatibility of systems and a lack of trained talent are seen as the biggest barriers to enhanced security.
Another problem highlighted by the report is the complexity of security environments, with 65% of organisations employing from six to 50 plus security products. Cisco warns that this increases the potential for security effectiveness gaps and helps explain why 2016 saw a resurgence of ‘classic’ attack vectors, such as adware and email spam.
Cisco says spam has reached levels not seen since 2010, accounting for 65% of email traffic, and that 8-10% of spam messages are malicious.
It advises organisations to take the following steps to protect themselves:
Make security a business priority: Executive leadership must own and evangelise security and fund it as a priority.
Measure operational discipline: Review security practices and patch and control access points to network systems, applications, functions and data.
Test security effectiveness: Establish clear metrics to validate and improve security practices.
Adopt an integrated defence approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability and reduce the time to detect and stop attacks.