January 31, 2017

Cost of a data breach soars to 20% of revenue as hacking goes ‘classic’ and corporate

Cisco's annual cybersecurity report outlines the old and new attack methods threatening businesses today.

By Ellie Burns

Revealing the ever-growing cost of a data breach, over one-third of companies experienced a huge 20% loss in revenue following a breach in 2016. This loss was amplified by similar hits to customer base, reputation and business opportunities.

Polling 3,000 chief security officers worldwide, Cisco’s 10th annual cybersecurity report found that 50% of breached companies faced public scrutiny after a breach. Operations and finance systems were the most affected, though the cost of a data breach was not isolated to financial loss.

22% of breached organisations in 2016 lost customers, with 40% of companies seeing 20% of their customer base abandon them in the wake of a security incident. 23% of breached organisations lost business opportunities, with 42% losing more than 20%.

The chief security officers surveyed admitted that budget constraints, poor compatibility of systems, and a lack of trained talent were the biggest barriers to advancing their security posture, with the leaders blaming increasingly complex environments for the gaps which allow hackers into their organisations.

65% of organisations were found to use up to 50 security products, highlighting the overcrowded and complex environments developing in security departments. These gaps and barriers were found to be severely constraining security departments, with only 56% of security alerts able to be investigated on any given day.

However, although defenders are deploying varying different methods and technologies to secure businesses, the attackers were found to be using tried and tested methods. Leading a resurgence of “classic” attack vectors, the use of adware and email spam were classic methods effectively deployed in 2016 – with the latter at levels not seen since 2010. Spam was found to account for 65% of email, with eight to 10% identified as malicious.

In a growing trend of hackers becoming more corporate, the report highlighted some of the new business models used by hackers. Attacks were found to mirror corporate hierarchies, with certain malvertising campaigns employing brokers (or “gates”) that act as middle managers, masking malicious activity. This gave hackers greater speed and the ability to maintain their operational space, while also evading detection.


However, it was not all bad news: large exploit kits including Angler, Nuclear and Neutrino disappeared in 2016, although smaller players did rush to fill the gap.

Good news was also found in the time to detection metric, with Cisco tracking the positive progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Cisco successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.

“One of our key metrics highlighted in the 2017 Annual Cybersecurity Report is the ‘time to detection’ – the time it takes to find and mitigate against malicious activity. We have brought that number down to as low as six hours,” said David Ulevitch, Vice President/General Manager, Security Business, Cisco.

“A new metric – the ‘time to evolve’ – looked at how quickly threat actors changed their attacks to mask their identity. With these and other measures gleaned from report findings, and working with organizations to automate and integrate their threat defense, we can better help them minimize financial and operational risk and grow their business.”
