PwC study points out more than 117,300 incidents per day
The PwC study "Managing cyber risks in an interconnected world", which used as basis the data from the survey "The Global State of Information Security Survey 2015", organized by the consultancy, in partnership with the North American companies CIO and CSO, pointed out that the number of cyber attacks detected rose to 42.8 million in 2014, a jump of 48% from 2013 (the equivalent of 117,339 new attacks every day). Financial losses attributable to cybersecurity incidents increased 34% compared to last year.
As the frequency and costs of security incidents continue to rise, the PwC study found that the scenario is due to the fact that many organizations do not update critical processes and information security technologies, nor do they give the real value training needs of employees. The average budget of companies for the area of information security in 2014 was $ 4.1 million, a decrease of almost 4% in relation to 2013.
“Analyzing the research, in some cases, information security programs have weakened due to insufficient investments in the area. At the same time, the financial costs of investigating and mitigating incidents are growing year after year, ”says PwC Brasil partner and IT specialist Edgar D'Andrea.
The study finds that larger companies are better able to identify cyber attacks - organizations with annual revenues of $ 1 billion or more have detected 44% more incidents compared to last year.
In medium-sized companies, with revenues between $ 100 million and $ 1 billion, there was a jump of 64% in the number of incidents detected. However, it is in the smallest organizations that the greatest risks can reside. Companies with revenues of less than $ 100 million counteracted the upward trend in identifying cyber threats and detected 5% fewer incidents this year.
"One explanation may be that small businesses are investing less in information security, which can leave them both unable to detect threats and more vulnerable to cyber attacks," says Edgar D'Andrea.
The study points out that small businesses often do not consider themselves the target of hackers. Another important conclusion is that sophisticated cyber adversaries have adopted the strategy of focusing on small and medium-sized companies as a means to gain access to the interconnected business ecosystems of these companies with larger organizations.
PwC research points out that South America was the only region to show a decline in the detection of cyber attacks. The number of incidents has dropped 9% this year. Regarding the average expenses of companies with information security, there was a drop of 24% in the region. The average budget in South America is around $ 3.5 mln, lower than in North America ($ 4.6 mln) and in Asia ($ 4.5 mln), ahead of Europe only ($ 3 , 1 ml).
Current and former company employees have been most often cited as guilty of cybercrime, the PwC study points out, although that does not mean that all accused employees exhibit malicious behavior. In many cases, they may unintentionally compromise data through the loss of mobile devices or be the target of phishing scams.
The percentage of incidents attributed to current and former service providers, and to consultants and contractors increased by 18% and 15%, respectively, in 2014. The full report can be accessed at www.pwc.com/cybersecurity.
EN 
PT 
