Most businesses in America have increased security spending in the wake of the spate of high-profile cyber attacks against businesses in the U.S. late last year, including the Target breach, which leaked 40 million credit card details. Most U.S. businesses (82%) now expect this sort of highly targeted attack to increase over the next two years, according to a new survey.
The survey, involving interviews with IT decision-makers in industries ranging from mining to law, found that companies already spent an average of 15% of their IT budget on improving security – and that figure looks set to rise, according to a report by news agency Reuters.
Defense Talk said that the survey, conducted by BAE Systems Applied Intelligence, showed that companies had changed policy in the wake of the attacks. Nearly two thirds (60%) said that they had increased spending on cyber security – and others planned to increase their budget within the next 12 months, citing the recent attacks as having influenced their decisions.
ESET researcher Lysa Myers says, “It is entirely possible for businesses to better protect their customers against this sort of breach. The protective technology and techniques exist already, and some organizations are already putting them to good use. But a surprising number are not, yet.” Myers offers a myth-busting guide to the Target breach - including tips for businesses on how to prepare for such attacks.
Companies rated loss of customer data as their greatest concern, followed by loss of trade secrets and damage to reputation, according to the survey, carried out by British defense firm BAE Applied Intelligence. The survey polled 300 firms in the U.S., and others in Canada, Australia and the UK. Nearly a third of IT staff in America estimated a successful attack could cost their company up to $75 million.
More than two-thirds (71%) of those surveyed said that new technologies such as mobile devices posed threats to their businesses’ security – but only 61% said they understood those risks. More worryingly, 31% of respondents in the U.S. believed that their company’s Board of Directors still failed to grasp the extent of cyber risks, according to Business Insurance.
The report said, “There is still a potential danger of lack of real action at board level. This suggests that the challenge may still often be seen as a technology problem alone, rather than something that must be tackled at CEO and board level.”
Businesses are also keenly aware that the main threat comes from “organized groups of fraudsters” rather than rogue individuals, hacktivists, or other groups, especially among American companies, with 52% of U.S businesses naming such groups as the most likely to mount attacks, according to MarketWatch.
“What this research clearly shows is that U.S. businesses are increasingly aware of the cyber threat and have a range of counter measures in place,” said Martin Sutherland, managing director, BAE Systems. “However, digital crime as a whole — a dangerous combination of organized groups of criminals using cyber techniques to carry out financial crime — is also a major concern, particularly since the most recent wave of high-profile attacks.”
Author Rob Waugh, We Live Security