Cybercrimes continue to increase in both regularity and financial impact, but the security apparatuses of most major companies still can't rival “the persistence and technological skills of their cyber adversaries,” according to a study published jointly by the U.S. Secret Service, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, PwC and CSO Magazine.
Only 38 percent of companies studied prioritize security investments based on risk and impact to business strategy.
Researchers surveyed 500 executives of US businesses, law enforcement services, and government agencies. They evaluated their cybersecurity practices “against current and evolving adversaries.”
Despite recent massive security breaches involving third-party vendors — such as the 2013 Target Corporation attack that compromised data for as many as 110 million customers — fewer than half of companies surveyed (44 percent) have a process for evaluating partners' security before launch of business operations.
Less than one-third of companies (31 percent) include security provisions in contracts with vendors and suppliers.
Read the full study HERE.