The recently released Global State of Information Security Survey 2015 found that the number of information security incidents reported around the world rose to 42.8 million in 2014, an increase of almost 50 percent.
According to the study released by PricewaterhouseCoopers, 117,000 cyberattacks occurred each day, and detected security incidents have grown by 66 percent year-over-year since 2009.
The report also found that while security incidents are at an all-time high, budgets for services to defend against them are shrinking. This year, average enterprise spending for information security fell to $4.1 million dollars, dropping 4 percent from 2013. According to the study, security spending only makes up 3.8 percent of overall IT budgets, but reducing the money put toward cybersecurity defenses is actually costing organizations money.
The reported average financial losses from cybersecurity incidents worldwide were $2.7 million this year, an increase of 34 percent from 2013. The survey also discovered an increase in organizations experiencing major financial losses in 2014. Groups reporting losses of more than $20 million almost doubled, as such events become more commonplace.
According to the report, organizations with the most effective security tend to have commitments from C-level executives and communication between teams and departments in order to ensure efficient implementation of security solutions. However, less than half of survey participants reported that their organizations employed these types of methods to discuss and coordinate information on security issues.
Based on the survey's conclusions, researchers with PricewaterhouseCoopers noted that it is increasingly important for companies to focus on rapidly detecting security breaches and to have a plan in place to mitigate the effects of a security event.
While organizations would obviously benefit from increase security budgets and greater cooperation from those at the top, these things are not necessary to implement effective security techniques. One method that is especially beneficial for budget-conscious enterprises is the management of privileged users and device management.
The use of data encryption is a reliable way to ensure only authorized users are able to obtain privileged data. Only approved parties are granted access to a decryption key that makes it possible to read sensitive information, and anyone attempting to steal such files without the code will receive only scrambled data. Encryption can be placed on information stored within any enterprise network or system, dramatically increasing data protection without an enormous financial investment.