Although the survey did confirm that attacks continue to range from targeted and sophisticated to fairly simple exploits of vulnerabilities created by years of underinvestment in security programs, technologies, and processes, PwC believes the cybersecurity challenge can – and must -- be met. In many cases companies can be successful in mitigating these attacks with a thorough cybersecurity strategy that is aligned to the business strategy and includes vigilant and proactive awareness of the threat environment, a strong asset identification and protection program and is supported by proactive monitoring and enhanced incident response processes. Attacks that are most severe, often from nation-states, should be faced in conjunction with government agencies.
For the second year in a row, respondents identified insider crimes (33.73 percent) as likely to cause more damage to an organization than external attacks (31.34 percent). The study found that:
- Seventeen percent of respondents who had suffered an insider attack did not know what the consequences entailed;
- Thirty-three percent of respondents had no formalized insider threat response plan;
- Twice as many respondents indicated "non-malicious insiders" cause more sensitive data loss than malicious inside actors; and
- Of those who did know what the insider threat handling procedures were, the majority reported that the cases were handled in-house, without legal action or law enforcement involvement
"We must consistently get past the privacy and liability issues that arise in the private sector reporting cyber intrusions to the government," said FBI Executive Assistant Director Richard McFeely. "When that happens, we have seen recent notable examples of the power of private sector and government coming together to counter our cyber adversaries."
For the full survey report, please visit: www.pwc.com/cybersecurity.