
Anyone paying attention to the news could guess that security breaches are on the rise – but by how much? PWC compiled data from 13 separate industry sectors and published The Global State of Information Security® Survey 2015 with everything you need to know about the state of information security. Don’t want to read all 42 pages? Don’t worry; we’ve got your back. Below are all the key findings:
2015 information security statistics
- The total number of security incidents detected by respondents climbed to 42.8 million this year, an increase of 48% from 2013.
- The compound annual growth rate (CAGR) of detected security incidents has increased 66% year over year since 2009.
- Survey respondents (35%) pointed the finger at employees more than any other threat actors, making them the most-cited culprits of security incidents.
- A growing number of respondents attribute incidents to third parties with trusted access to networks and data, including current (18%) and former (15%) service providers, consultants, and contractors.
- Investments in information security budgets declined 4% over 2013.
- Companies with revenues less than $100 million reduced security investments by 20% over 2013.
- Fewer than half (42%) of respondents say their Board actively participates in the overall security strategy and 36% say the Board is involved in security policies.
- 55% of respondents say they collaborate with others to improve security.
- More than half (54%) of respondents say they have implemented a mobile security strategy, and 47% say they employ mobile-device management (MDM) or mobile-application management (MAM) solutions.
- More than half (51%) of respondents say they have purchased cyber security insurance.
Yes, all this information is interesting, but it is also important for you to share. Take the stats most relevant to your company and share them with employees and stakeholders. These shocking statistics may be the motivation they need to develop better security habits or to decide to invest more in security.
Statistics that just underscore how cyber security threats are going to continue to grow in the coming years, so it’s highly essential that companies start securing their entire digital infrastructure, which begins by putting in place information security policies and procedures, provisioning and hardening of such systems, and then undertaking comprehensive security awareness training for employees. Call it the 3-point stance for protecting your organization. The problem is that most companies (1) have outdated policies, (2) don’t have formalized procedures and checklists for hardening their information systems, and (3) do little or nothing when it comes to security awareness training. This won’t cut it in today’s world, so it’s time to get serious about information security.
Thanks for the comment, Jack. We agree; you make some valid points and good recommendations for protecting organizations from cyber security threats. Appreciate your input!