U.S. Organizations Are Still

LOSING THE CYBERWARTo Hackers in 2014

Current State of Cybercrime Hits Home

59% of surveyed respondents were more concerned about cybersecurity than the previous year, here is why:

of companies have a methodology to prioritize security investments based on risk and impact to business strategy.

Only 38%

77%of organizations have reported a security event in the past 12 months.

135 average cyber incidents per organzation in the last year.

34%said the number of security incidents increased over previous year.

of U.S. respondents are worried about the impact of cyber threats to their business growth prospects, compared with 49% of global CEOs.

69%

Lack of Cybersecurity Leadership Costs Organizations

of those who detected a security incident were not able to estimate the financial costs.

69%could estimate the average annual monetary loss and claimed it was

ONLY 33%

$415,000

of all U.S. entities reported financial losses of

19%$50,000 - $1 MILLION

Study Reveals 8 Major Cybersecurity Concerns

Most organizations do not take a strategic approach to cybersecurity spending

Organizations do not assess security capabilities of third-party providers Supply chain risks

are not understood or adequately assessed

Security for mobile devices is inadequate and has elevated risks

Cyber risks are not sufficiently assessed Organizations do

not collaborate to share intelligence on threats and responses

Insider threats are not sufficientlyaddressed

Employee training and awareness is very effective at deterring and responding to incidents, yet lacking at most organizations

1

2

3

4

5

6 7

8

Combatting Cybercrime Involves Collaboration and Strategic Spending

of companies with high-performing security practices collaborate with others to deepen their knowledge of security and threat trends.

82%of CSOs expect their time with business leaders to increase over the next three years.

79%

are placing more value on risk management in the next 12 months while 49% expect their budgets to increase in that same span.

61%

$683,000

Companies without security training for new hires reported average annual losses of

for those who do have training.

RISKMANAGEMENT

say insider crimes are more costly or damaging than incidents perpetrated by outsiders. However, 49% of all respondents have a plan for responding to insider threats.

32%

Cybercrime is a clear, present, and permanent danger. While its a permanent condition, however, the actors, threats, and techniques are very dynamic.

Tom Ridge, CEO of Ridge Global and first secretary of the U.S. Department of Homeland Security

In todays cybercrime environment, security decision-makers rely on CSO and their partners for the latest in security solution products and services. Contact Bob Bragdon, Publisher, CSO at bbragdon@cxo.com or visit www.csomediakit.com to learn how CSO is helping to lead the fight against cybercrime and to request the full results of this study.

Sources: 2014 U.S. State of Cybercrime Survey from CSO, PwC, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University; 2014 State of the CSO Study; PwCs Annual Global CEO Survey 2014; PwC, Global Economic Crime Survey 2014, February 2014

Over 500 U.S. executives, security experts, and others from private and public sectors responded to the 2014 U.S. State of Cybercrime Survey.

CEOs Make Headlines Following Breaches

compared to $182,000

Security Decision-Makers Collaborate with CSOand their Trusted Partners

Target CEO Resignation Highlights Cost of Security Blunders

10 MistakesCompanies MakeAfter a Data Breach

Apple CEO Says iCloud Security Will Be Strengthened

csoonline.com, September 2014 csoonline.com, May 2014 csoonline.com, November 2013

on average