According to a recent survey, the total number of security incidents detected climbed to 42.8 million this year. That’s the equivalent of 117,339 attacks per day, every day for the year.

That recent survey was PwC, CIO, and CSO’s annual Global State of Information Security® Survey which was released at the beginning of October. In its 17th year, the survey included results from 9,700 respondents (C-suite, executive, and director level), from 154 countries, representing companies from all industries with revenue sizes from small to $1billion plus.

While the entire report is a must read, here are a few of the key findings.

Larger companies detected more incidents – the survey’s sample of large companies (gross annual revenues of $1 billion or more) detected 44 percent more incidents compared to the previous year. This is great news for the large companies but medium-size companies (revenues of $100 million to $1 billion) are the real winners. They showed a 64 percent improvement in detecting more compromises than 2013.

However, small companies (revenues less than $100 million) detected 5 percent fewer incidents this year. These numbers become even more important because these companies never stand alone. Via business partnerships or collective services, these organisations are connected which can mean that the incidents of medium to small organisations can create gateways into the large organisations.

The financial cost of security incidents is also rising which won’t surprise anyone who has following the almost daily media reports associated with new security breaches.

The report states that the annual estimated reported average financial loss attributed to cybersecurity incidents was $2.7 million. That’s just the average but it’s a jump of 34 percent from the previous year. Equally concerning is the proportion of companies reporting financial hits of $20 million or more has increased 92 percent over 2013. These numbers could be even higher (billions or potentially trillions) if the value of certain information such as intellectual property and trade secrets could be quantified.

Organisations of all sizes are worried about the rising cybercrimes, but they are not showing it where it matters most: their budget. Despite the elevated risks and financial loss, the Survey showed that security budgets have declined. Global IS budgets decreased 4% compared to 2013. When compared to the percentage of the total IT budget, security spending has remained stalled at 4% or less for the past five years. In PwC’s separate report, US State of Cybercrime Survey 2014, a significant correlation was found between the level of spending and the number of events detected, but that seems to be in direct conflict to what organisations are actually doing.

The complete report can be downloaded from the PwC dedicated website - pwc.com/gsiss2015.

About Andrew Gordon

Andrew is a Partner in PwC's Cyber practice in Australia and works with clients in mining, financial services and Government sectors helping them with their information security needs. Andrew has twenty-one years experience that includes seven years in the banking sector. Andrew has presented to Industry Forums and security conferences throughout Asia on information security issues.