US: Targeted attacks impact decisions at the board level, survey shows

Reading time: 4 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

Some 90 percent of boards of directors in the US address cybersecurity as a serious risk management issue with severe reputation and financial consequences, while only 8 percent haven’t done it so far, according to a recent Bitdefender survey.

Some 60 percent of IT security decision makers in the US say their companies could ‘definitely’ be a target of cyberespionage campaigns using advanced persistent threats (APTs), according to a recent survey by security firm Bitdefender. These complex cyber tools are crafted for high-profile entities and operate by silently gathering sensitive data over long periods. Another 35 percent of respondents say their IT infrastructure could ‘possibly’ be targeted in high-level cyberespionage actions that exfiltrate intelligence systematically.

Most organisations (70 percent) have an incident response and disaster recovery plan in place in case of an APT attack or massive breach, and 26 percent admit they have started developing such a strategy, currently as a work in progress. Less than 3 percent lack these types of procedures.

Three in four IT security decision makers in the US reveal both financial costs and reputational damage to their businesses top the list of the worst consequences they could face if an APT attacker accesses the ‘crown jewels’. Bankruptcy comes third (35 percent). Darker risks even include war or cyber conflicts (24 percent), and the loss of life (18 percent).

US companies mostly fear losing information about their customers (54 percent), followed by financial information (44 percent), information about certain employees (37 percent), research about new products (33 percent), product info and specifications (27 percent), intellectual property (23 percent), and research about the competition (14 percent), said respondents. 

Who do you think could target your organization with an advanced persistent threat? (US results, %)

USA-chart.jpg

According to the survey, security has reached board level in the overwhelming majority of large companies from France (95 percent), Italy (94 percent), Germany (91 percent) and the United States (90 percent). Lower, yet still good, numbers have been reported in Sweden (85 percent), the United Kingdom (81 percent) and Denmark (74 percent).

A previous study by Bitdefender revealed that companies in the US would pay an average of $124,000 to avoid public shaming scandals after a breach. Some 14 percent would pay more than $500,000.

The survey, conducted in April-May 2017 by Censuswide for Bitdefender, included 1,051 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.

continuous sec