Cybersecurity Breaches Hit Nearly Three in Four Organizations

May 4, 2016

Nearly three out of four organizations have been plagued by at least one security breach or incident in the past year, with about 60 percent of breaches categorized as serious, according to a new report by CompTIA.

The International Trends in Cybersecurity report also reveals that organizations are altering security practices and policies due to greater reliance on cloud computing and mobile technology solutions.

More than 1,500 business and technology executives in 12 countries were surveyed. The report includes data from Australia, Brazil, Canada, Germany, India, Japan, Malaysia, Mexico, South Africa, Thailand, the United Arab Emirates (UAE) and the United Kingdom (UK).

"The importance of cybersecurity knowledge and readiness continues to grow regardless of geography," said Amy Carrado, senior director, research and market intelligence, CompTIA. "Our survey found that 79 percent of companies expect cybersecurity to become a higher priority over the next two years."

Across all countries surveyed, 73 percent of organizations said they've experienced at least one security breach or incident in the past 12 months. Self-reported security breaches were most prevalent in India (94 percent), Malaysia (89 percent), Brazil (87 percent), Mexico (87 percent) and Thailand (82 percent). Organizations in Japan (39 percent) and the UAE (40 percent) self-reported the lowest percentages of cybersecurity incidents.

The percentage of mobile-related security incidents – such as lost devices, mobile malware and phishing attacks or staff disabling security features – was even higher: 76 percent across all 12 countries. Mobile incidents were self-reported at the highest percentages in Thailand (95 percent), India (92 percent) and Mexico (89 percent); and in the lowest percentages in Japan (60 percent), the UAE (60 percent) and the UK (64 percent).

In 10 of 12 countries, changes in IT operations, whether due to greater reliance on mobile technology, the use of cloud-based solutions or some other factor, were listed as the top driver for altering approaches to cybersecurity.

Organizations are taking steps to assess and improve cybersecurity knowledge among their employees. Practices include new employee orientation, ongoing training programs, online courses and random security audits.

But the results so far have been mixed. Only 23 percent of organizations rate their cybersecurity education and training methods as extremely effective. Making employee training mandatory, more comprehensive training delivered more often and combining training with follow-up tests and assessments are some of the steps that would improve effectiveness, executives said.

Nearly all managers believe it is important to test after cybersecurity training to confirm knowledge gains (96 percent). Eight in 10 indicate that professional certifications for IT workers are valuable or very valuable as a way to validate cybersecurity-related knowledge and skills.

The report is at https://www.comptia.org/resources/international-trends-in-cybersecurity.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.