The 2015 US State of Cybercrime survey has been released and is worth a read. The Survey, co-sponsored by PwC, CSO, the CERT Division of the Software Engineering Institute at Carnegie Mellon University and the United States Secret Service is the result of survey responses from more than 500 US businesses, law enforcement services and government agencies, as well as PwC’s 18th Annual Global CEO Survey. The goal of the survey is to “provide a more thorough and balanced look into the current state of cybersecurity and cyberthreats.”

The basic conclusions are:

  • It’s been a “watershed year” for cybercrime and cause headaches for business executives
  • 76% of the respondents are more concerned about cyberthreats this year (87% of CEOs said they were worried about cyberthreats in PwC’s CEO Survey)
  • There is a “significant correlation” between company size and the ability to detect incidents
  • The most frequently detected compromise is from external actors, and phishing campaigns are on the rise (31% said they had experienced a phishing attack in 2014)
  • Cyberattacks are becoming more frequent and destructive, and Distributed denial of service (DDoS) are more potent and frequent
  • Ransomware “is becoming more sophisticated and commonplace”
  • 50% of Boards view cybersecurity as an IT issue rather than an enterprise-wide risk issue
  • Boards are concerned, but not engaged as the CISO or CSO only rarely presents to the Board
  • Security executives should proactively engage the Board on cybersecurity risks
  • There is “an underwhelming level of participation” in industry-specific Information Sharing and Analysis Centers
  • Companies are relying on technology solutions to manage cybersecurity risks
  • Vendor and third party risks are just being addressed and regulators in the financial services industry are focusing on due diligence over down-stream vendors (but 1 in 5 C-Suiters say they are not concerned about third party cybersecurity risks)

The conclusions and suggestions in the Survey are sound and easy to understand and should be summer reading for all business executives.