New Study Reveals Cybercrime May Be Widely Underreported–Even When Laws Mandate Disclosure

ISACA’s State of Cybersecurity Report Also Finds Only 1 in 3 Organizations Highly Confident in Their Ability to Detect and Respond to Threats

SCHAUMBURG, Ill. — While attack vectors remain largely the same year over year, attack volume will increase and cybercrime may be vastly underreported, according to the 2019 State of Cybersecurity Study from ISACA.

New study reveals cybercrime may be widely underreported—even when laws mandate disclosure. View full results at https://bit.ly/2XpQR6n.

“Underreporting cybercrime—even when disclosure is legally mandated—appears to be the norm,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO. “Half of all survey respondents believe most enterprises underreport cybercrime, even when required.”

Equally concerning, only 34 percent of cybersecurity leaders have high levels of confidence in their cybersecurity team’s ability to detect and respond to cyberthreats. The highest levels of confidence are correlated with teams reporting directly into the CISO, and the lowest levels are correlated with teams reporting into the CIO. Forty-three percent of respondents say their teams report to a CISO, and 27 percent report to a CIO.

“What we can conclude from this year’s study is that governance dictates confidence level in cybersecurity,” said Frank Downs, ISACA’s director of cybersecurity practices.

These findings indicate confusion around structuring cybersecurity with information technology.

ISACA’s State of Cybersecurity Study, sponsored by HCL, captures perspectives of more than 1,500 individuals who define the field worldwide.

According to this report, released today at Infosecurity Europe, the top three threat actors remain cybercriminals, hackers and nonmalicious insiders. Phishing, malware and social engineering are the most prevalent attack types for the third year in a row. Ransomware decreased significantly; 37 percent of organizations reported experiencing ransomware in last year’s study, compared to 20 percent this year.

Just under half of organizations report an increase in cybersecurity attacks this year, and 79 percent consider it likely they will experience a cyberattack next year.

“Cybersecurity suffers from a siloed and static approach,” said Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC, at HCL Technologies Ltd. “Many teams are missing significant attacks because they don’t have the size or expertise to keep up with attackers. Moreover, their existing security tools and processes are segregated and seldom work in tandem.”

However, by carefully analyzing variables contributing to incident susceptibility and team inefficiency—including cyber reporting structure, prevalent attack methods and team readiness through a culture of continuing professional education—organizations can better prepare themselves for dangers presented by cyber miscreants, says Downs.

State of Cybersecurity 2019 parts 1 and 2 are available for free at www.isaca.org/info/state-of-cybersecurity-2019/index.html, as part of ISACA’s Cybersecurity Nexus, which offers credentials, training, guidance and research for security professionals.

About ISACA

Now in its 50th anniversary year, ISACA® (isaca.org) is a global association with 140,000 members who work in governance, assurance, risk and innovation.

Contacts

Emily Van Camp, +1.847.385.7223
Kristen Kessinger, +1.847.660.5512

Published at Mon, 03 Jun 2019 23:45:08 +0000