Researchers found 62 percent of organizations did not have methodologies to prioritize security investments based on impact and risk.
Other survey findings included:
- The average number of security incidents detected over the past year was 135 per organization.
- 77 percent of survey respondents reported a security event in the past 12 months.
- 67 percent of respondents who detected a security incident were not able to estimate its costs. Among those that could, the average annual monetary loss was projected to be $415,000.
- 59 percent reported they were more concerned about cybersecurity threats this year than they were the year before.
- 34 percent said the number of security incidents in their organizations increased over the previous year.
"Cyber criminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone. It's imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity," David Burg, PwC's global and U.S. advisory cybersecurity leader, said in a prepared statement.
PwC also offered the following recommendations for organizations to combat cybercrime:
- Assess risks associated with supply chain partners
- Develop threat-specific policies
- Enhance training and create workforce messaging to boost cybersecurity awareness across the organization
- Ensure that mobile security practices keep pace with adoption and use of mobile devices
- Hold third parties to the same or higher cybersecurity standards
- Invest in people, processes and technologies
- Perform cyber risk assessments regularly
- Take advantage of information sharing internally and externally to learn about new cyber risks
The survey was conducted by CSO magazine in collaboration with PwC, the U.S. Secret Service and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. It included responses from more than 500 U.S. executives, security experts and others from the private and public sectors.
The full survey is available for download here.