According to the 2011 CyberSecurity Watch Survey conducted by CSO magazine, 28% of respondents have seen an increase in the number of events in the 2011 study and 19% were not impacted by any attacks, compared to 40% in the 2010 study.
The survey, which was sponsored by Deloitte and took in responses from 600 professionals, is a cooperative effort of CSO, the US Secret Service, the Software Engineering Institute CERT. Program at Carnegie Mellon University and Deloitte.
"Organisations are becoming more strategic in how they prevent and respond to cybersecurity events such as the advanced persistent threat (APT)", said Ted DeZabala, national leader of Deloitte's Security & Privacy services.
"However, while the survey suggests that the annual monetary losses from events have dropped from $395,000 in 2010 to $123,000 per organisation in 2011, we believe these numbers are a result of organisations associating incidents to different domains such as privacy and fraud rather than traditional cybersecurity", he added.
According to DeZabala, this metric alone could be misleading as reported events, sophistication of attacks and external attributions have all increased while the perceived effectiveness of technology-based defences has decreased."
Commenting on the report, Amichai Shulman, CTO of data security specialist Imperva, said that the most interesting takeout is that 21% of attacks are caused by insiders.
And, he says, the report also points out that the percentage of those viewing the insider attacks as more costly is up this year (33%) on the 25% reported last year.
"The report is also very interesting as it defines an insider as being an employee or contractor with authorised access, as well as noting that these types of attacks are becoming more sophisticated, where the user employs different Rootkits and hacking tools" he added.
This, he explained, is a significant shift, as, to date, insider attacks used to rely on very simple techniques and tools, which are available with any workstation.
The Imperva CTO went on to say that there is a greater problem here that flies in under the radar, and does not seem to be included in the statistics.
This, he says, centres on the threat of the individual who has no deliberate intention to cause the company any damage. Rather, the insider threat is mostly caused by an employee that collects information rightfully over time and the information is not removed when the employee leaves the company.
The danger here, says Shulman, is when the employee re-uses that data at their next place of employment, or, as sometimes happens, the data `leaks' from the employee's own computer.