Business Perception of IT Security: In the Face of an Inevitable Compromise

IT Security Risks Report 2016

Executive summary

As organisations worldwide look for protection from the growing menace of cyber-crime, Kaspersky Lab set out to better understand the perception and reality of the security threat landscape. This global study of more than 4,000 businesses from 25 countries asked businesses about their perceptions of the main security threats they face and the measures used to combat them.

The research found that companies around the world are facing a multitude of security threats, from viruses and phishing to zero-day vulnerability exploitation and DDoS attacks. Looking at how perception compares with reality provides us with a fresh look at new and emerging cyber threats.

We immediately found multiple areas where businesses’ perceived readiness for certain types of incidents could be improved. The threat of malware is well recognized, as businesses have experienced it more than any other security threat, but businesses don’t feel as vulnerable to this type of threat as they do to targeted attacks, for example, about which they feel both highly concerned and vulnerable.

The report found that data protection is the main area of concern in eight out of ten businesses, and six out of ten typical vulnerable areas are directly related to this fear of data loss. However, it was surprising to note that attitudes towards general protection approaches are mixed, with only half of those surveyed recognizing the need to be prepared for a security compromise.

Key findings

  • Only half (52%) agree that IT security will be compromised at some point, so they need to be prepared for these events
  • Data protection is the top priority, with 80% of businesses saying that this is their major concern
  • 54% of businesses say they face challenges understanding how to address inappropriate usage or sharing data via mobile devices, the most vulnerable area of expertise facing organizations
  • Overall, 37% of businesses experienced at least one phishing attack, 17% of businesses had suffered from a DDoS attack, and 20% of businesses worldwide reported an incident involving ransomware.
  [Figure: Most prevalent security incidents]

  • 43% of businesses experienced data loss due to a cybersecurity incident.

The wide-ranging threat landscape uncovered by the research shows the importance of traditional measures like endpoint anti-malware protection, anti-phishing and vulnerability assessment. Modern intelligent software technologies can be relied upon to combat the vast majority of these threats.

But it’s clear the threats businesses are increasingly concerned about, such as targeted attacks, exploitation of mobile devices and ransomware, call for new approaches. What’s required is a new way of thinking which aligns perception with reality to create protection that addresses concerns and vulnerabilities at the same time.