Despite the growing threat of cybercrime most US organisations do not have capabilities to outwit the superior technical skills of cyber criminals, leaving them unprepared to combat the threats.
Fourteen per cent of companies said that the monetary losses related to cybercrime has increased which 66% said they could not assess the monetary losses.
On average firms reported detecting 135 security incidents each in the last year,
Just 38% of the organisations have a methodology to prioritise security investments based on risk and impact to business strategy according to a global survey conducted on behalf of PWC.
David Burg, PwC’s Global Cybersecurity Leader said cyber criminals evolve their tactics very rapidly and the repercussions of cybercrime are overwhelming for any single organisation to combat alone.
"It’s imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them," Burg said. "A united response will prove to be an indispensable tool in advancing the state of cybersecurity."
The survey found that the US organisations are more worried about cybercrime compared to their global peers with 69% of US respondents reported they were worried about the impact of cyber threats to their growth prospects, compared with 49% of global CEOs.
Ed Lowery US Secret Service Criminal special agent in charge said despite substantial investments in cybersecurity technologies, cyber criminals continue to find ways to circumvent these technologies in order to obtain sensitive information that they can monetise.
"The increasing sophistication of cyber criminals and their ability to circumvent security technologies indicates the need for a radically different approach to cybersecurity: A balanced approach that, in addition to using effective cybersecurity technologies, develops the people, processes, and effective partnerships in order to strategically counter cybersecurity threats."
Burg added, "The severity of cyber threats will continue to intensify as threat actors evolve and sharpen their skills and techniques."
Recommendations include takeing advantage of information sharing internally and externally to gain intelligence on fast-evolving cyber risks; development of threat-specific policies; and enhanced training and workforce messaging to boost cybersecurity awareness.
Supply chain partners should be held to the same, if not higher, cybersecurity standard that companies set for themselves with compliance mandated in contracts.
The survey conducted in collaboration among PwC, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the US Secret Service.
