2015 U.S. State of Cybercrime Survey: What to Know, What to Do

The issue of cybersecurity and resultant cybercrime may be the single most important problem facing organizations today.  Any breach or security event causes two negative results: the costs of stopping the attack including fixing the damage, and the direct reimbursement costs and reputational impact of the event to the organization overall.  For some firms, a major breach can actually be a death knell.

The 2015 U.S. State of Cybercrime Survey, recently released by CSO, PwC, the U.S. Secret Service and the CERT Division of Software Engineering Institute at Carnegie Mellon University, provides critical information that will help you build the right plan to protect your organization. The survey was conducted among 509 executives at U.S. businesses, law enforcement services and government agencies.

The Likelihood of a Security Event Is Increasing

The need to develop a better cybersecurity event and response plan is well justified.  In simple terms, the likelihood of being impacted by a security event has gone from “maybe not” to “most likely.”  From a hard data perspective, 79% of the respondents experienced a cybersecurity event in the last 12 months, and there was a 21% increase in the number of attacks.  Fully 76% of the respondents are more concerned about a security event in 2015 than they were in 2014.  A cybersecurity event may not be as certain as death and taxes, but an attack or breach is now highly likely.

Quantifying the Damage Is Still Difficult

From the perspective of senior management, perhaps the most troubling aspect of a security event or breach is the inability to put hard numbers around the cost of the breach or detail its definitive impact.  Over one-quarter of the respondents were unable to assess the financial impact of past security events; based on anecdotal data, many organizations are still merely estimating the costs of an event.  This lack of certainty puts pressure on the CSO and IT organization to better document the impact of a breach and to be able to quantify the impact in concrete terms.

Where Do the Threats Come From?

To stop today’s threats, it’s essential to understand their source.  However, this is easier said than done.  The survey found that 33% of the respondents weren’t sure where attacks originated.  That’s a testament to the increased cleverness and technical skill of hackers.  In terms of known attacks, the two primary vectors are direct attacks and attacks through employees.

For many organizations, employee-based attacks are the most troubling attack vector.  Targeted employee attacks are becoming more common, with spear phishing and so-called “advanced persistent threats” focused on specific individuals.  In fact, 31% of the respondents had suffered a phishing attack in the last 12 months.   When combined with survey data showing that nearly 40% of end-user-sourced breaches were the result of mistakes or were unintentional, stopping employee- or user-based threats must be a focus, requiring better training and policies.

Another increasing source of threats: compromised partners or members of an organization’s supply chain.  Despite some well known instances, only about one-quarter of respondents say they are evaluating the security posture of third-party partners.  This is another area that will require greater scrutiny going forward.

What Steps Are Being Taken to Stop Cybersecurity Events

When it comes to the actions being taken to stop hackers and improve cybersecurity, the list of Top 10 activities include things we all know well.

10 Most Effective Security Policies/Procedures for Deterrence

Source: 2015 U.S. State of Cybercrime Survey

While this list is a great start, more must be done. Better planning for mitigating a cyber security event is needed, along with greater scrutiny of partners and members of the supply chain.  In addition, there must be an increased focus on stopping threats from employees and end users.


The 2015 U.S. State of Cybercrime shows clearly that CSOs must not only stay highly vigilant and deploy new tools to stop the latest threats, but they must also pay more attention to managing, quantifying and mitigating incidents, as these continue to surge.  The survey makes plain that attackers are getting more clever all the time, and they’re enabled by the increased resources at their disposal.  Much of their activity is now focused on compromising employees/users as the gateway into corporate systems.  The result is that CSOs must continue to deploy proven, effective security measures, while adding new procedures as employees and users become more common targets and the likelihood of a breach nears certainty.

To learn more about enterprise security, go to https://www.hpe.com/us/en/solutions/protect-digital.html.


aaron goldbergAaron Goldberg is a renowned industry analyst and marketing strategy consultant for B2B information technology, spending more than 35 years working with senior executive management, marketing, and sales teams of IT Vendors, as well as IT Executives at end user organizations.  He has also been a regular columnist covering computer and technology trends and issues. He is well-known for his succinct and realistic style, and his ability to distill the key drivers for customers, marketers, and IT staff.