Cyberattacks cost businesses an average of $2 million per year, according to Symantec’s 2010 State of Enterprise Security (PDF) study. For large companies, the average loss was $2.8 million a year. Seventy-five percent of surveyed companies had experienced cyber attacks in the last 12 months. Forty-one percent of these attacks were “somewhat/highly effective.” Twenty-nine percent of companies saw an increase in cyberattacks in 2009, and every single one of the 2,100 companies surveyed by Symantec experienced cyber losses in 2009. The most common attacks were theft of customers' personally identifiable information, downtime of environment, theft of intellectual property and theft of costumer credit card information. In 92 percent of the cases, this led most commonly to loss of productivity, lost revenue and loss of company trust.
Enterprise security is often understaffed. The most impacted areas are network security (44 percent), endpoint security (44 percent), and messaging security (39 percent). What also makes security difficult is that two of the most vulnerable technologies are also two of the hottest: cloud computing and virtualization.
In order to strengthen enterprise security, Symantec recommends that companies be much more proactive.
“The costs of cyber attacks are financial, brand, stock price and a lot of other things as well," said one respondent to Symantec's survey. "But the biggest cost is a ruined reputation. Who wants to do business with a company that cannot protect their customers’ information?”
One of the problems with enterprise security is that the every new technology that’s adopted not only brings about security risks, it also requires users a good amount of time to learn how to use it safely (see: Facebook). The further advanced the technology becomes and the more it penetrates new aspects of our lives (what location we’re checking into, for example), the ramifications of security breaches become increasingly severe.
Researchers at Rutgers University have recently shown that smartphones can be activated by malicious code to record meetings and track people via GPS. While many people and enterprises don’t seem to take security as seriously as they should, they should be aware that vulnerabilities to cyberattack grow exponentially every time a new technology is introduced and adopted.