74 Percent of Companies that Suffer a Data Breach Don’t Know How It Happened

And just two thirds of IT pros say their current IT security budget is sufficient, a recent survey found.

According to the results of a recent survey of 250 IT professionals, 34 percent of companies in the U.S. were breached in the past year, and 74 percent of the victims don’t know how it happened.

The survey, conducted by iSense Solutions for Bitdefender, also found that two thirds of companies would pay an average of $124,000 to avoid public shaming after a breach, while 14 percent would pay more than $500,000.

One third of CIOs say their job has become more important in their company’s hierarchy, and another third say their job has been completely transformed in the past few years.

And while nine in 10 IT decision makers see IT security as a top priority for their companies, only two thirds say their IT security budget is sufficient; the remainder say they would need an increase of 34 percent on average to deliver efficient security policies.

Cloud security spending increased in the past year at 48 percent of companies, while the budget for other security activities remained the same.

On average, respondents say only 64 percent of cyber attacks can be stopped, detected or prevented with their current resources.

Separately, a survey of 403 IT security professionals in the U.S., U.K., Canada and Europe found that only three percent of organizations have the technology in place and only 10 percent have the skills in place to address today’s leading attack types.

The survey, conducted by Dimensional Research and sponsored by Tripwire, also found that just 44 percent of organizations have the skills, and 43 percent have the technology, to address ransomware attacks effectively.

“Most organizations can reasonably handle one or two key threats, but the reality is they need to be able to defend against them all,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “As part of the study, we asked respondents which attack types have the potential to do the greatest amount of damage to their organization. While ransomware was cited as the top threat, all organizations were extremely concerned about phishing, insider threats, vulnerability exploitation and DDoS attacks.”

Respondents felt most confident in their skills to handle phishing (68 percent) and DDoS attacks (60 percent), but less confident in their abilities to deal with insider threats (48 percent) and vulnerability exploitations (45 percent).

Similarly, respondents felt more confident in the technology they have in place to address phishing (56 percent) and DDoS attacks (63 percent), but less confident in the technology to address insider threats (41 percent) and vulnerabilities (40 percent).

A separate survey of 5,000 U.S. consumers by Kaspersky Lab and HackerOne found that 22 percent of respondents are more likely to make a purchase if they know a company hired hackers to help boost security.

Knowing what they do about their own company’s cyber security practices, just 36 percent of respondents said they would choose to be a customer of their own employer.

Almost two in five U.S. adults don’t expect companies to pay a ransom if hit by ransomware.

When asked what types of data they would expect a company to pay a ransom for, 43 percent expect companies to do so for employee Social Security numbers, followed by customer banking details (40 percent) and employee banking details (39 percent).

Source: http://www.esecurityplanet.com/network-security/74-percent-of-companies-that-suffer-a-data-breach-dont-know-how-it-happened.html