Cybercrime remains a clear and present danger according to the latest findings from the 2015 U.S. State of Cybercrime Survey, released by CSO, PwC, the U.S. Secret Service, and the CERT Division of Software Engineering Institute at Carnegie Mellon University.
The 2015 research found that the number of security incidents continues to surge. Additionally, organizations are still playing catch-up to combat cyber criminals. This study dives deep into the origins, effects, and causes of cybercrime in the U.S. Enjoy this sample of the results and contact IDG Enterprise to learn more about this study or other studies that may be available.
2. 2
Purpose and Methodology
SURVEY SAMPLE
TOTAL
RESPONDENTS
509 executives at U.S.
businesses, law
enforcement services
and government
agencies
MARGIN OF ERROR +/- 4.3%
AUDIENCE BASE CSOonline.com
COLLECTION Online Questionnaire
TOTAL QUESTIONS 62
U.S. State of Cybercrime Survey is
conducted annually to gain insight and
evaluate trends in the frequency and
impact of cybercrime incidents,
cybersecurity threats, information
security spending. Additionally, the study
examines the risks of third-party
business partners in private and public
organizations.
SURVEY GOAL
SURVEY METHOD
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
3. 3
Concerns About Cybersecurity Sees Sharp Increase
Q: Are you more concerned or less concerned about cybersecurity threats posed to your organization this year (2015)
than those you encountered the previous year (2014)?
Q: Please estimate the total monetary value of losses your organization sustained due to cybercrime and advanced
persistent threats during the past 12 months including those costs associated with resolving all issues associated with
the incident.
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon
University
4. 4
Security Investments See Increase as Attacks Soar
Q: Compared to the previous year's security budget, how did this past year's security budget change?
Q: What was your organization’s approximate annual IT Security budget for security products,
systems, services, and/or staff for each of the following areas during the last 12 months (January
2014-2015)?
SMB (<1,000)
Remained the
Same
Remained
the Same
60%
Increased
35%
Decreased
5%
Remained
the Same
35%
Increased
55%
Decreased
9%
Enterprise (1,000+)
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon
University
5. 5
Increased Budgets Allow for
Spending on Newer Technologies
Q: To address cyber-risks, are your investments and spending focused on:
49%
44%
32%
17%
14%
11%
45%
35% 35%
30%
16% 18%
New technologies Audits & assessments New skills &
capabilities
Redesign
cybersecurity strategy
Redesigning
processes
Particpating in
knowledge sharing
Enterprise (1,000+) SMB (<1,000)
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
6. 6
62%
57%
52%
42% 40%
23%
Third-party
vendors
Contractors Software Suppliers Procurements Not concerned
about risks
Assessment of business ecosystem risks
Supply Chains at Risk; Need C-Suite Attention
Q: Please identify all areas where you consider supply chain/ business ecosystem risks?
Q: On average, how often do you evaluate the security of supply chain/business ecosystem partners with which you share data or network access?
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon
University
7. 7
Manual patch
management
Change control/
configuration
management
systems
Wireless
monitoring
Automated patch
management
Video surveillance
Not very effective
Not at all effective
Confidence in Security Solutions Varies
Firewalls SPAM filtering Electronic access
control systems
Network-based
anti-virus
Access controls
Very effective
Somewhat effective
Q: How effective do you consider each of the following technologies in place your organization in detecting
and/or countering security events?
86% 82% 76% 74%76%
17%17%18%19%
32%
5 MOST
EFFECTIVE
SOLUTIONS
5 LEAST
EFFECTIVE
SOLUTIONS
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon
University
8. 88
To receive a pdf of this study, or for more information, please
contact: Sue Yanovitch, VP, Marketing at IDG Enterprise
syanovitch@idgenterprise.com
To get results from IDG Enterprise research when it happens,
or any other news, follow us on Twitter: @IDGEnterprise
Continue the Conversation
ADDITIONAL WAYS TO STAY ON TOP OF INFORMATION FROM IDG ENTERPRISE:
Sign up to receive our monthly marketing
newsletter at www.idgenterprise.com/newsletter
Visit us on LinkedIn:
www.linkedin.com/company/idg-enterprise
Editor's Notes
Methodology
2015 U.S. State of Cybercrime Survey audience base and methodology: Responses from 509 executives of US businesses, law enforcement services, and government agencies. The study evaluated trends in the frequency and impact of cybercrime incidents, cybersecurity threats, information security spending, and the risks of third-party business partners in private and public organizations. The study also assessed how businesses are adopting to evolving expectations of the information security function and the Board of Directors. Comparison’s to 2014 are based on the 2014 U.S. State of Cybercrime survey results. Respondents provide insight into incidents within the past 12 months.
Survey Fielded
January 9, 2015 to February 3, 2015
