
Guidance Software Study: Most Enterprises Prep for Major Data Breaches

Many enterprises are preparing to respond to a major data breach in the coming year, according to a study of 330 IT professionals conducted by forensic security solutions provider Guidance Software.

The study revealed compromise incidents continue to grow in number, severity and cost, Guidance indicated.

At the same time, the challenge facing cybersecurity professionals will only grow in the foreseeable future, Guidance CEO Patrick Dennis said in a prepared statement.

"Enterprises are beginning to realize that compromise is inevitable," he said. "In other words, a growing number of enterprises recognize they live in a world of continuous compromise and no longer have to fear the breach."

Data Breach and Cost Statistics

The Guidance study provided insights into different types of data breaches and their costs. Key statistics included:

  • Approximately 65 percent of organizations fell victim to malware-related breaches, up from 56 percent last year.
  • 55 percent said they experienced phishing-initiated breaches, down from 58 percent in 2016.
  • One in four organizations suffered significant or minor direct financial losses due to an attack or breach in the past 12 months.
  • Six percent of companies claimed significant financial losses due to an attack or breach in the past 12 months, and 19 percent claimed minor financial losses.
  • Among those that were hit by directly targeted breaches, 20 percent suffered costs in excess of $1 million.

However, 54 percent of organizations said they feel well prepared to respond to a major breach in the coming year, and 25 percent stated they are looking to build a formal security and incident management team within the next year, according to Guidance.

Three IT Security Challenges

The Guidance study indicated the three IT security challenges that organizations will face over the next year are:

  1. Assessing risk: 35 percent of respondents named assessing risk as the biggest IT security challenge.
  2. Enforcing security policies: 34 percent stated enforcing security policies was the top security challenge.
  3. Managing the complexity of security: 33 percent indicated managing the complexity of security was the biggest challenge.

Ultimately, a "complete" strategy that includes costs for prevention and deep detection and response tools can help an organization eliminate cybersecurity risks, Dennis said.

With this strategy in place, an organization will be able to minimize the number, severity and costs of cyberattacks, according to Guidance.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.