2017 U.S. State of Cybercrime Survey Reveals Cyber Attacks Getting More Costly

Despite increased budgets and C-level support, security leaders’ concern over cyber threats is growing

Boston, Mass.—November 7, 2017—Cybersecurity remains top of mind, with three quarters of security leaders more concerned about cybersecurity threats now than they were in 2016, according to the 2017 U.S. State of Cybercrime survey. As publicized breaches become the norm, it is imperative for organizations to strengthen their security posture and have an awareness of potential security weaknesses. This survey provides a look into the state of U.S. cybersecurity, revealing how security and business leaders are defending their organizations, the top threats they are facing, as well as the ramifications when an attack occurs. The survey is a collaborative effort between CSO, the CERT® Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service, and Forcepoint.

Organizational Steps for Defense
The prominence of security continues to be elevated within organizations. Thirty-five percent of top security executives report to the CEO, and 50% of organizations have security leadership brief the board of directors at least quarterly. Security budgets have also been elevated with almost half (48%) of organizations seeing budget increases, resulting in an average IT security budget of $11 million, and an additional $9 million dedicated to physical security.

Organizations are using these growing budgets to put tools and processes in place to keep data and assets secure, and to address anomalies. The most effective solutions for detecting or deterring security events from external threats include firewalls, spam filtering, network-based antivirus tools, access controls, and encryption. To catch insiders who may have malicious intent, 58% of organizations monitor user behavior.

“Anomalies in behavior or data flow can be a key indicator that something amiss is occurring and needs to be investigated,” said Bob Bragdon, SVP and publisher of CSO. “While this activity can be through employees or external forces, the root can also be through a weakness in the security of a trusted partner.”

To address concerns about trusted partners, steps are being taken outside of organization walls, as 47% are evaluating their supply chain vendors and partners to ensure approved security practices are in place before signing a contract. This “look under the hood” has resulted in 31% of organizations terminating contracts or relationships with partners. To ensure security practices are maintained, 58% of enterprise organizations (1,000+ employees) require business partners to sign service-level agreements that specify cybersecurity standards.

The Who & How Behind Cyber Incidents
Because cybersecurity breaches can be at the hand of outsiders, insiders or business partners, or of someone whose identity remains a mystery, security leaders need to stay alert. The majority of organizations that have identified a breach (79%) claim that the event was committed by an outsider. Unfortunately, cyber-intruders often go undetected for an average of 92 days. Outsiders use a variety of techniques to gather intelligence, including phishing, financial fraud, denial of service attacks and business email compromise. On the other hand, the majority of insider events may be considered accidents, particularly when the type of data exposed is compared to outsider incidents.

“Insider threats can arise from any number of scenarios, ranging from simple mistakes to malicious actions,” said Dr. Richard Ford, Chief Scientist at Forcepoint. “The actions of people – or malware that’s taken the identity of an employee – are at the center of many security incidents. As is so often the case, we need to follow the data and understand how the data is accessed by users, why it’s used and where it travels. With this lens, companies can distinguish between what is normal and what is abnormal – and from there, what is good and what is not.”


Cybersecurity Events at the Hand of Outsiders & Insiders

Rank | Outsider | Insider
#1 | Unauthorized access to/use of information, systems, or networks | Private or sensitive information was unintentionally exposed
#2 | Customer records compromised or stolen | Customer records compromised or stolen
#3 | Confidential records (trade secrets or intellectual property) compromised or stolen | Employee records compromised or stolen


“It is encouraging, by looking at the survey results, that most organizations are recognizing the threat posed by insiders, but it is concerning that 31% of the organizations responding to the survey had at least one insider incident in 2016, with 76% of those incidents being handled internally, without involving legal action or law enforcement,” said Randy Trzeciak, technical manager of the CERT Insider Threat Center.

The Financial Ramifications of Cyber Attacks
There are many metrics to measure the impact of an attack, including hard costs, time and reputation. One thing that cannot be disputed is the financial cost of a cyberbreach. Twenty-one percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884K, compared to estimates of $471K from the previous year.

“As organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches. Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections,” continued Bragdon.

About the 2017 U.S. State of Cybercrime
The 2017 U.S. State of Cybercrime Survey was conducted by CSO in collaboration with the CERT® Division of the Software Engineering Institute at Carnegie Mellon University, the U.S. Secret Service, and Forcepoint. The goal of the survey is to gain insight into the frequency and impact of cyber incidents, organizational and partner defense tactics and security spending trends. More than 500 U.S. executives, security experts, and others from the private and public sectors responded to the survey.

About the Carnegie Mellon University Software Engineering Institute
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI website at http://www.sei.cmu.edu. The CERT Division of the SEI is the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit http://www.cert.org.

About Forcepoint
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data and intellectual property wherever it resides. Our uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Based in Austin, Texas, Forcepoint protects the human point for thousands of enterprise and government customers in more than 150 countries. For more about Forcepoint, visit www.Forcepoint.com and follow us on Twitter at @ForcepointSec.

About CSO
CSO is the premier content and community resource for security decision-makers leading “business risk management” efforts within their organization. For more than a decade, CSO’s award-winning website (CSOonline.com), executive conferences, strategic marketing solutions and research have equipped security decision-makers to mitigate both IT and corporate/physical risk for their organizations and provided opportunities for security vendors looking to reach this audience. Based on editorial coverage and design, the Folio Eddie awards named CSOonline.com as the best BtoB Technology Website in 2015 and 2016. To assist CSOs in educating their organizations’ employees on corporate and personal security practices, CSO also produces the quarterly newsletter Security Smart. CSO is published by IDG Communications, Inc. Company information is available at www.idg.com.
Follow CSO on Twitter: @CSOonline
Follow IDG on Twitter: @idgworld

About IDG Communications, Inc. (IDG) 
IDG Communications connects the world of tech buyers with insights, intent and engagement. IDG Communications is the world’s largest media, data and marketing services company that activates and engages the most influential technology buyers. Our premium brands, including CIO®, Computerworld®, PCWorld® and Macworld®, engage the most powerful audience of technology buyers providing essential guidance on the evolving technology landscape. Our global data intelligence platform activates purchasing intent, powering our clients’ success. IDG Marketing Services creates custom content with marketing impact across video, mobile, social and digital. We execute complex campaigns that fulfill marketers’ global ambitions seamlessly with consistency that delivers results and wins awards. IDG is the #1 tech media company in the world, per comScore.*

*Source: comScore Media Metrix, Desktop Unique Visitors, Worldwide, January 2017

Additional information about IDG, a privately held company, is available at http://www.idg.com.


Lynn Holmlund
Marketing Director
IDG Communications, Inc.

Richard Lynch
Public Relations Manager
Software Engineering Institute