Ponemon study: Cyber attacks more frequent, severe

Most respondents say they expect to be hit again this year.

Cyber attacks are becoming more frequent and severe, and the vast majority of businesses have suffered at least one data breach in the past year, a Ponemon Institute survey says.

According to the survey, 77% of respondents say attacks have been more severe or more difficult to prevent over the past 12 to 18 months, while 78% say attacks are more frequent. The survey was sponsored by Juniper Networks.

Only 10% of those who answered the survey say they had no data breaches and 53% say they had one to three.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Cyber attacks are becoming more frequent and severe, and the vast majority of businesses have suffered at least one data breach in the past year, a Ponemon Institute survey says.

According to the survey, 77% of respondents say attacks have been more severe or more difficult to prevent over the past 12 to 18 months, while 78% say attacks are more frequent. The survey was sponsored by Juniper Networks.

Only 10% of those who answered the survey say they had no data breaches and 53% say they had one to three.

ONE EXAMPLE: Northrop Grumman constantly under attack by cyber-gangs 

Given these numbers, 53% have low confidence that their networks would avoid attacks in the next year; 24% say they have high confidence they won't suffer attacks, the survey says. A third (34%) have low confidence their network infrastructure can protect against attacks.

"We believe the fact that so many organizations are having multiple breaches is resulting in a low opinion about security preparedness and a low level of confidence they have to prevent a future attack," the survey says.

The cost of 55% of the breaches was between $250,000 and $1 million, with 19% saying the cost was more than that, and 16% saying they couldn't determine what their breaches cost.

Data breach quiz

Most of the incursions took place on mobile devices (28%) or on devices owned by business partners (27%). Another 20% took place in corporate branch offices and 16% at headquarters.

Of those companies that did suffer attacks, 40% don't know where the attacks came from. The top three causes of security breaches are insider abuse, malicious software downloads and malware from a Web site.

Employee laptops were the most common (34%) endpoint from which security breaches occurred followed by mobile devices such as tablets and smartphones (29%) and corporate desktops (28%).

Read more about security in Network World's Security section.