PwC announced the results of the 2012 Global State of Information Security Survey earlier this week. The 9th annual survey interviewed nearly 10,000 security experts from 138 countries.
The release from the survey announced that 43 percent of global companies believe they have an effective information security strategy in place and are proactively executing their plans, but only 13 percent of respondents prove to be true information security “leaders.” There always seems to be a “but only” in these surveys, but for me, that “but only” came with the front end of that announcement. “Only” 43 percent believe they have an effective security system in place. Now, a much higher percentage — 72 percent — report that they have confidence in their company’s security efforts.
Mark Lobel, principal at PwC and co-author of the study, said:
The face of cyber threats has rapidly evolved from curious college kids taking their hand at hacking to an enormous global ecosystem of cyber-crime. Companies need a comprehensive approach to security—technology, education and awareness—and a very small number have truly mastered all three.
He is right: Companies do need a comprehensive approach to security. But is feeling that your security is adequate, rather than considering yourself a “front runner” in cyber security, enough today?
Good cyber security means so much to a company. A breach can destroy your brand. And as we saw recently, a breach can destroy your entire company. DigiNotar filed for bankruptcy after it was hacked. And as F-Secure pointed out:
Victims of wide-spread and long-lasting distributed denial-of-service attacks include an ISP called Cloud 9 Communications (read more) and an antispam outfit called Blue Frog. In effect, spammers forced Blue Frog out of business.
A company like Sony got hacked and managed to stay in business, F-Secure explains, but it also took a financial and loyalty hit.
PwC found that companies are responding to the increase in cyber threats. For example, mobile devices and social media present a significant new line of risk – and a demand for prevention. Organizations are beginning to amplify their efforts to prevent mobile- and social media-based attacks: 43 percent of respondents have a security strategy for employee use of personal devices, 37 percent have a security strategy for mobile devices and 32 percent have a security strategy for social media. That’s a step in the right direction.