Majority of American companies view targeted cyber attack as a top 3 business risk. Organized groups of fraudsters viewed as presenting greatest cyber threat. Grasp of vulnerabilities and threat intelligence named as best tools to help Boards tackle threat
BAE Systems Applied Intelligence today quantifies the extent of the impact on US businesses of the wave of recent high-profile cyber attacks in December 2013 and January 2014. New research conducted this month reveals that the attacks on international businesses, including banks and retail giants such as Target, led to a significant 60% of US businesses surveyed increasing their cyber security budget. Of those businesses planning to increase their cyber security budget over the next 12 months, a resounding 78% cited the recent attacks as having a significant influence on their decision.
The international research also found that 53% of US companies surveyed now regard the threat from cyber attacks as one of their top three business risks, mirroring the recent warning from the World Economic Forum that cyber attacks are among the 5 biggest threats facing the world in 2014.1 The research details business concerns and opinion around cyber and indicates a strong demand from major global companies for greater intelligence about the nature of new cyber threats and a better understanding of business vulnerability.
The new findings come as BAE Systems Applied Intelligence releases “Business and the Cyber Threat: the rise of Digital Criminality”, which found that the majority of US respondents (82%) expected the number of targeted cyber attacks to increase over the next two years.2 It was immediately striking that organized groups of fraudsters were identified by the highest number of respondents in both the US (52%) and across the survey group as a whole (55%), as the group considered most likely to mount attacks. This would seem to point to a concern around the potential damage of cyber-enabled fraud attacks of precisely the nature experienced by Target and others.
The research also showed that businesses believe that their increasing exposure to cyber threats, caused by new ways of working, poses a risk as they adapt business practices to keep pace with the hyper-connected world. For example, 72% of North American respondents thought the cyber risk posed by mobile technologies was a significant risk but only 61% were confident they understood the risks.3
Faced with these challenges, it was alarming to note that a significant proportion of respondents – around a third (31% in the US and 30% globally) – still did not believe that their Board of Directors fully understood the risks presented by cyber. To investigate further, the research then explored which tools respondents believed would help their Boards to take greater action to prevent cyber attacks. Having a clearer understanding of vulnerabilities (advocated by 53% of respondents in the US and 50% overall) and having intelligence about upcoming threats (44% in the US and 47% overall) proved the most popular responses.
Martin Sutherland, Managing Director, BAE Systems Applied Intelligence, said:
“What this research clearly shows is that US businesses are increasingly aware of the cyber threat and have a range of counter measures in place. However, digital crime as a whole – a dangerous combination of organized groups of criminals using cyber techniques to carry out financial crime – is also a major concern, particularly since the most recent wave of high-profile attacks.
“And as the number of avenues open to criminals in a hyper-connected world increases, we are seeing a genuine hunger from businesses for a clearer understanding of their own vulnerabilities and up to the minute cyber threat intelligence.”
Further US findings:
- Cost: 29% of respondents estimated a successful cyber attack would cost their organisation more than US$75 million, a further 20% said more than US$15 million.
- Cause of attacks: The group identified as most likely to mount target attacks by the highest number of US respondents was organised groups of fraudsters (55% of respondents). Americans were more concerned about those involved in industrial espionage than any other market (47% compared to 40% in Canada, 37% in the UK and 35% in Australia).
- Concern: When asked what they would be most concerned about in the event of a successful attack, the most common response in the US was loss of customer data (61%). The second ranking concern amongst US respondents was theft of intellectual property – with Americans noticeably more concerned about IP theft than other markets (47% or respondents compared to 38% in Canada, 35% in the UK, and 43% in Australia).
- Confidence: A substantial majority (88%) were confident in their organisation’s ability to prevent targeted cyber attacks. A smaller, but still large majority (77%), were confident in their sector’s ability to prevent attacks.
- Crisis Plans: 28% of US organisations surveyed still did not have, or were unaware of, crisis plans in the event of a cyber attack on their company. Of those respondents who did have crisis plans, 56% thought these were well publicised. In Canada 70% of those surveyed said they had crisis plans, but only 37% of those with plans said they were well publicized.
- Convergence: Of those respondents who had encountered cyber-enabled fraud, 55% of US respondents and 50% of Canadian respondents expect cyber to play an increasing role in financial fraud.
Martin Sutherland, Managing Director, BAE Systems Applied Intelligence, continued:
“The recent attacks demonstrate that there is no ‘silver bullet’ and a combination of robust processes, and controls, user awareness and vigilant security operations all have to play a part in protecting the enterprise. However, these approaches are only as good as the information used to implement them.
“In order to adapt to the ever evolving threat landscape, companies will also need to develop holistic threat intelligence management programs supported by security platforms that not only provide the raw intelligence data but also the ability to process and analyze large amounts of complicated information as quickly and clearly as possible.”
BAE Systems Applied Intelligence continues to develop ground breaking analytics tools that enable businesses to make the best possible use of all the threat data and intelligence they receive in order to defend themselves and their customers from digital criminality and keep one step ahead of an increasingly sophisticated group of adversaries.