Some 41% of more than 500 US organizations polled said they were unable to determine if they were being targeted by zero-day and other advanced cyber threats designed to evade countermeasures.
Most respondents (83%) said their organizations had been targeted recently by advanced attacks and 71% said such attacks have increased in the past year.
According to Ponemon, zero-day attacks are the most prevalent form of advanced threat, but there is an increase in the number of known attacks that are being re-engineered to extend their use.
Half of all advanced attacks target proprietary data, while 48% are aimed at personal information, including customer and employee records, respondents said.
But IT security professionals said they are finding it difficult to respond effectively and quickly enough to defend against these attacks.
Some 80% of security managers said it takes at least a day or longer to detect such attacks. Of these, 46% said it requires at least 30 days.
Ponemon said this delay is often the result of organizations not having the right technology or training despite having the appropriate policies and procedures in place.
More than half of respondents said they have sufficient policies and procedures, but only 26% said they have adequate skills in-house and only 32% said they have the necessary defense technology.
Ponemon found that 69% of respondents use anti-virus tools and 61% use an intrusion detection system, but 90% said exploits or malware have evaded these tools, or that they are not sure.
Only 19% said their IT leaders are fully aware of the challenge of, and requirements for, defending against advanced attacks.
This story was first published by Computer Weekly