Deloitte Survey Finds Breaches Across Industries
A mid-February 2013 Deloitte Tech Trends poll of 1,749 business executives found more than one in four report their organizations were the victims of at least one cyber attack in the past year.
Nine percent report multiple breaches, and 17 percent say they are not confident their organizations could detect an attack. The business executives are from industries including financial services, health care, life sciences, retail, public sector, travel, consumer and industrial products, energy and resources, and technology, media and telecom.
“Organizations across many industries need to change the lens through which they view cyber-risk,” said Mark White, principal and chief technology officer for Deloitte Consulting. That means not just relying on traditional security controls, he adds, but by transforming the way they defend, detect and even manage security by leveraging cyber intelligence and advanced techniques.
The results of the poll, says White, underscore the importance of cyber-intelligence, highlighted in the “No Such Thing as Hacker-Proof” chapter in Deloitte’s 4th Annual Tech Trends Report: Elements of Postdigital. The chapter is co-authored by Kieran Norton and Kelly Bissell, both principals with Deloitte & Touche. Additional findings from the poll, based on a Deloitte Dbriefs webcast “If You Build It, They Will Come – And Try to Hack It,” include the following:
Response times to identify and address breaches vary, with plenty of room for improvement. Almost half (48 percent) of respondents say their organizations identify and triaged threats within hours, while approximately one in five (21 percent) report their organizations does so within a week, and nearly one in 10 (9 percent) says it takes more than a week.
People, process and technology are all critical to cyber threat programs. Respondents say the following concerned their organizations the most regarding their cyber threat programs: infrastructure and technology (28 percent); right talent/right skills (26 percent); effective operational processes (24 percent); and adequate resourcing/funding (22 percent).
**Consumer/personal information is highly valued by cybercriminals, and organizations invest heavily trying to protect it. **Respondents put a high price tag on consumer/personal information, with approximately half (49 percent) reporting this type of data would be of most value to cybercriminals, followed by intellectual property (27 percent); corporate strategy information (13 percent) and financial performance information (11 percent). Consistent with this data, 55 percent of respondents say their organizations most heavily invested in protecting consumer/personal information, followed by intellectual property (23 percent).
The bottom line, says Norton, leader of Deloitte’s U.S. cyber threat management practice, is that cyber security may sound technical in nature, but, at its core, it is a business issue. Any company’s competitive position and financial health may be at stake.
“Business and technology leaders need to engage in effective dialogue about what the business values most, how the company can drive a competitive advantage, and which information and other digital assets are the most sensitive,” Norton writes in the report.
Norton’s and Bissell’s chapter suggests a new attitude is needed with regards to security and privacy. Anticipate and prevent when possible, they say, but be ready to isolate and encapsulate intrusions to reduce impact.
“There may be no such thing as hacker-proof,” says Norton. “But there's a chance to reduce your cyber beacon, be less inviting to attack and proactively establish outward- and inward-facing measures around your most valued assets.”