The report is billed as drawing on research collated from around 3,300 companies in 36 countries and claims to show that organisations are getting better at fighting the war against cybersecurity threats. Whilst the majority of respondents suffered damages as a result of cyber-attacks, more respondents reported a decline in the number and frequency of attacks compared to 2010.
71% of organisations saw attacks on their IT platforms over the past 12 months, compared to 75% reporting attacks in last year's survey. In addition, the percentage that reported an increasing frequency of attacks fell from 29% in 2010 to 21% in 2011, with 92% of businesses reporting losses from cyber-attacks in 2011, compared with full house - 100% - reported last year.
Despite these improvements, the report notes that security continues to be a huge concern for organisations. Whilst businesses face a variety of risks, the top three concerns are related to data and network security.
Respondents ranked cyber-attacks as their top concern, followed by IT incidents caused by well-meaning insiders, and internally generated IT-related threats. The survey results also indicate that more and more businesses believe that keeping their operations and information secure is of vital importance.
41%, for example, said that cybersecurity is somewhat or significantly more important than 12 months ago. In contrast, only 15% think it is somewhat or significantly less important.
Delving into the report reveals that 29% of businesses said they experience cyber-attacks on a regular basis and 71% saw attacks in the past 12 months. Furthermore, says Symantec, 21% said the frequency of attacks is increasing.
The top attack vectors in this regard include malicious code, social engineering, and external malicious attacks.
According to Greg Day, Symantec's director of security strategy, whilst the numbers and frequency of cyber-attacks are both reducing, the cost of mopping up – or remediating – the attacks is rising.
“The biggest issue is downtime - some of the companies I've been speaking to say the downtime cost issue has risen by as much as 49% over the last year,” he told Infosecurity, adding that,whilst we as an industry are getting good at defending against individual attacks, this is not always true for more complex ones.
Day went on to say that the biggest issue that most IT security professionals are grappling with at the moment is how to deal with an attack – and, of course, its aftermath.
Security, he explained, needs to become bi-directional, with IT security professionals assisting other management disciplines and those disciplines feeding their knowledge back to the IT security professionals.
“There's been a mystique attached to the process of IT security, but things are now changing. 20 years ago a laptop cost a small fortune, yet today they can be bought for a few hundred pounds”, he said, adding that companies are now saying that their focus is about doing more with less.