Skip to main content

Managing Cyber Risks in an Interconnected World

by Andrew Gordon on Tuesday March 21, 2017

Contact Us
Free Demo

PwC Cyber Expert Looks at the Key Findings of the 2015 Global State of Information Security Survey

According to a recent survey, the total number of security incidents detected climbed to 42.8 million this year. That’s the equivalent of 117,339 attacks per day, every day for the year.

That recent survey was PwC, CIO, and CSO’s annual Global State of Information Security® Survey which was released at the beginning of October. In its 17th year, the survey included results from 9,700 respondents (C-suite, executive, and director level), from 154 countries, representing companies from all industries with revenue sizes from small to $1billion plus.

While the entire report is a must read, here are a few of the key findings.

Larger companies detected more incidents – the survey’s sample of large companies (gross annual revenues of $1 billion or more) detected 44 percent more incidents compared to the previous year. This is great news for the large companies but medium-size companies (revenues of $100 million to $1 billion) are the real winners. They showed a 64 percent improvement in detecting more compromises than 2013.

However, small companies (revenues less than $100 million) detected 5 percent fewer incidents this year. These numbers become even more important because these companies never stand alone. Via business partnerships or collective services, these organisations are connected which can mean that the incidents of medium to small organisations can create gateways into the large organisations.

The financial cost of security incidents is also rising which won’t surprise anyone who has following the almost daily media reports associated with new security breaches.

The report states that the annual estimated reported average financial loss attributed to cybersecurity incidents was $2.7 million. That’s just the average but it’s a jump of 34 percent from the previous year. Equally concerning is the proportion of companies reporting financial hits of $20 million or more has increased 92 percent over 2013. These numbers could be even higher (billions or potentially trillions) if the value of certain information such as intellectual property and trade secrets could be quantified.

Organisations of all sizes are worried about the rising cybercrimes, but they are not showing it where it matters most: their budget. Despite the elevated risks and financial loss, the Survey showed that security budgets have declined. Global IS budgets decreased 4% compared to 2013. When compared to the percentage of the total IT budget, security spending has remained stalled at 4% or less for the past five years. In PwC’s separate report, US State of Cybercrime Survey 2014, a significant correlation was found between the level of spending and the number of events detected, but that seems to be in direct conflict to what organisations are actually doing.

The complete report can be downloaded from the PwC dedicated website -

About Andrew Gordon

Andrew is a Partner in PwC's Cyber practice in Australia and works with clients in mining, financial services and Government sectors helping them with their information security needs. Andrew has twenty-one years experience that includes seven years in the banking sector. Andrew has presented to Industry Forums and security conferences throughout Asia on information security issues.

Tags:  Cyber Security

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.