The independent blind survey of 200 C-level executives at U.S.-based enterprises was conducted by Opinion Matters on behalf of ThreatTrack Security in June 2013. The results highlight the opinions of CSO, CIO, CEO and CTO executives related to the cybersecurity practices of their companies.
At a time when Advanced Persistent Threats (APTs), targeted attacks, Zero-day threats and other sophisticated malware have become profitable businesses for malware writers and cybercriminals, many large enterprises are still struggling with how to protect themselves. It is especially telling that, according to the study, 97% of enterprises with annual security budgets over $1 million still report concerns that they are vulnerable to malware attacks and cyber-espionage tactics.
"Enterprises are facing an unprecedented surge of highly targeted and sophisticated threats that are designed to evade traditional malware detection technologies," said ThreatTrack Security Chief Executive Officer Julian Waits, Sr. "The only way to battle these threats effectively is with a combination of highly skilled cybersecurity professionals armed with the strongest malware analysis tools available. Companies that don't employ the right mix of people, process and technology are making themselves excellent targets for the cyber bad guys."
Key findings from the survey include:
· 69% of executives are concerned that their organizations may be vulnerable to targeted malware attacks, APTs and other sophisticated cybercrime and cyber-espionage tactics.
· More than one in five enterprises (21%) say their biggest concern is not knowing whether an attack is taking place.
· 47% say their cyber defense does not include an advanced malware analysis tool, such as a malware analysis sandbox; 42% do not have a dedicated Incident Response Team employed.
· One third of the enterprises surveyed say they are aware of a targeted malware attack against their company, including 50% of financial services firms and 53% of manufacturing companies.
· 82% of financial services firms are concerned about APTs and sophisticated attacks, but only half of them employ an advanced malware analysis tool like a sandbox.
· 36% of enterprises say they are more concerned about losing proprietary intellectual property and trade secrets in a breach than they are about losing their customers' personally identifiable information (such as credit card data, social security numbers or medical records).
Consumers Not Confident Their Data Is Safe
In a companion survey of 203 U.S. consumers – also conducted by Opinion Matters on behalf of ThreatTrack Security during the same time period – 71% of respondents indicate that the companies that hold their personally identifiable information were either not doing everything they could to protect that data (43%) or were not sure whether that was the case (28%). 75% of consumers report concerns that these companies would be attacked and their personally identifiable information would be compromised.
The data also suggests that these consumers have reason to be concerned. Nearly half (47%) say they have been notified at some point that their information has been compromised by a breach, and of those respondents, another 47% say that even after being notified, they still did not feel well-informed or reassured that their data would be safe.
Little Support for Government Intervention
Even with this rampant lack of confidence in enterprises, consumers do not trust the government to get involved when it comes to their personal information. A majority (70%) do not believe the government should dictate to private companies how they handle and store private data or which technologies they should use to secure their networks.
Full survey results are available upon request, and an executive report with additional analysis can be found at: http://www.threattracksecurity.com/resources/white-papers.aspx.
About ThreatTrack Security Inc.
ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber-defenses deployed by enterprises, and small and medium-sized businesses (SMBs) around the world. The company develops advanced cybersecurity solutions that analyze, detect and remediate the latest malicious threats, including its ThreatAnalyzer malware behavioral analysis sandbox, VIPRE business and consumer antivirus software, and ThreatIQ real-time threat awareness service. Visit www.ThreatTrackSecurity.com to learn more.