It should be no surprise amid the constant barrage of headlines about cybersecurity incidents that the number and cost of breaches are on the rise.
Security incidents cost businesses an average of $2.7 million each year, according to a PwC survey. Despite the burgeoning threat, information security is an issue that receives little involvement from the board, and security budgets decreased in the last year.
The Global State of Information Security Survey 2015 was conducted by PwC, gathering responses from more than 9,700 security, IT, and business executives in 154 countries.
The research found that the number of detected information security incidents has risen 66% year over year since 2009. In the 2014 survey, the total number of security incidents detected by respondents grew to 42.8 million around the world, up 48% from 2013—an average of 117,339 per day.
The financial impact of breaches has also increased. The average reported loss from such incidents was up 34% in 2014 compared with the previous year. Furthermore, the number of organizations reporting losses greater than $20 million nearly doubled. As many incidents go undetected or unreported, the true scale of the problem is even greater.
The most frequent source of data breaches described by respondents came from inside the organization itself. The number of incidents attributed to current employees increased by 10% in 2014, and those involving third parties such as current or former contractors rose by 18%. However, the report notes that in some instances, data had been compromised accidentally by employees, for example as a result of a lost mobile device.
The full survey report is available at tinyurl.com/opfemca.