Results from the webcast showed a fairly even split among respondents regarding whether or not their organization was likely to experience an electronic security breach in the next 12 months. According to the results, 41.7 percent believed it was "likely" or "extremely likely" that an electronic security breach would occur in this time frame, while 38.4 percent indicated it was "unlikely" or "extremely unlikely."
"Cyber crime is far more common and creates a larger threat than respondents may recognize. Based on the results of this poll, it appears that many organizations are leaving themselves vulnerable to cyber crime because there might be a false sense of security, or perhaps even complacency," said John Kula, director in the forensic & dispute services practice of Deloitte Financial Advisory Services LLP. "Many organizations are failing to recognize the prevalence of cyber crimes in their IT environments and consequently could be misallocating limited resources to lesser threats."
When asked what their experience was with respect to cyber crime, the majority of participants (68.4 percent) responded that they have received phishing e-mail messages and 12.1 percent of respondents reported their organizations have been targeted by cyber criminals. Participants believed that the type of information senior management in their organizations was most concerned with cyber criminals gaining access to, as it pertains to being vulnerable to attempted breaches of electronic information security, was customer personal information (38.1 percent), financial information (21.8 percent), followed by intellectual property or business plans (12.2 percent).
"Cyber crime innovation and techniques have outpaced traditional security models. That's what makes it so important to gather intelligence data internally and externally to understand the threats, and then to act on that intelligence. If companies don't have the tools in place to be informed and to prevent breaches, it could lead to significant risks, potentially leading to financial losses, regulatory issues, and a loss of client and public confidence," said John Clark, partner in the security & privacy services practice of Deloitte & Touche LLP.
More than 1,400 business professionals from the aerospace and defense, banking and securities, consumer products, energy and resources, financial services, health care providers, insurance, investment management, life sciences and health care, media and entertainment, oil and gas, process and industrial products, real estate, retail, wholesale, distribution, technology, media and telecommunications industries responded to the online polling questions during a July 2010 Deloitte Private Companies series webcast titled "Cyber Crime: Phishing and Hacking and Fraud, Oh My!"
As used in this document, "Deloitte" means Deloitte Financial Advisory Services LLP, Deloitte & Touche LLP and Deloitte Services LP, which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.