While the number of cybercrime incidents and the monetary losses associated with them continue to rise, most U.S. organizations’ cybersecurity capabilities don’t rival the persistence and technological skills of their cyber adversaries, according to a new report released by consulting firm PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the U.S. Secret Service.
The report, “The 2014 U.S. State of Cybercrime Survey,” shows that only 38 percent of the more than 500 organizations surveyed have a methodology to prioritize security investments based on risk and impact to business strategy.
The survey shows that 69 percent of U.S. respondents reported they were worried about the impact of cyber threats to their growth prospects, compared with 49 percent of global CEOs.
“Cyber criminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone,” David Burg, PwC’s global and U.S. advisory cybersecurity leader, said in a statement. “It’s imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity.”
The average number of security incidents detected over the past year was 135 per organization, and 14 percent of the survey respondents said monetary losses attributed to cybercrime have increased. The actual costs remain largely unknown, the report says, as more than two-thirds of those who detected a security incident were not able to estimate the financial costs.