Senior levels of the business still face an information gap that makes it difficult for them to align investments in risk protection to the true strategic value of an organizationís digital assets; this, according to a report by global business consulting firm Bain & Company.
Statistics show that:
- The median cost of cybercrimes jumped 56 percent to $5.9 million per organization in 2011 over 2010, the most recent data available
- Web-based attacks during the same period increased to 4,500 per day, a 36 percent rise
- Mobile malware quadrupled in 2013, with Android attacks increasing by an astounding 26 times
- DDoS attacks increased 27 percent in the same period
- Financial motives now drive nearly 95 percent of cyber-attacks, placing the target squarely on strategic assets that can be monetized after a breach.
The report points to disconnects between an organizationís risk-management efforts and the development of necessary cybersecurity capabilities as a hidden cause behind the material causes of individual incidents, because business groups and IT often fail to discuss emerging threats or the relative importance of different kinds of digital assets.
Instead, according to the Bain report, compliance obligations, not strategy implications, are the greatest driver for cybersecurity considerations for three-in-four CIOs. The finding demonstrates the over-reliance placed on operational approaches to security.