Study finds 90% of businesses were hacked in the last year

According to a recent study, 90 percent of United States businesses have fallen victim to some sort of cyber security breach in the last 12 months. The study, conducted by Ponemon Institute for Juniper Networks, surveyed 583 businesses and revealed this staggering statistic in the midst of many recent cyber hacks.

Not only have 90% of businesses suffered at least one breach in the past 12 months, but 59% also claim that they have been hacked twice or more in the same 12-month period. Companies report that these breaches have cost at least half a million dollars to fix in terms of revenue loss, cash outlays, business disruption and other expenses. Again, 59% of respondents claimed that the worst consequence of the attacks was theft of information, followed by business disruption in second place.

Only 11% of the surveyed businesses claimed they knew the source of the breaches to their networks. 77% said the attacks are becoming more difficult to detect or contain, and 34% of companies stated they have low confidence in their IT infrastructure to prevent future attacks. 43% responded saying there has been a significant increase in the number of attacks in the past 12 months. Employee mobile devices and laptops are believed to be the most likely entry point through which serious attacks are unleashed.

Dr. Larry Ponemon, chairman and founder of Ponemon Institute, which carried out the investigation, said that “our survey research provides evidence that many organizations are ill-equipped to prevent cyber-attacks against networks and enterprise systems” and “conventional network security methods need to improve in order to curtail internal and external threats.” You can view the institute’s 25-page report on business cyber breaches here (PDF).


16 Comments


It's the 2k bug all over again, IT peeps screaming they need this that and the other and then when nothing happens IT peeps are in the shi**er and then IT jobs get less pay as bosses think we are just a bunch of feckers.

Stup0t said,
It's the 2k bug all over again, IT peeps screaming they need this that and the other and then when nothing happens IT peeps are in the shi**er and then IT jobs get less pay as bosses think we are just a bunch of feckers.

If not for the work put in by millions fixing the 2k bug, you wouldn't have been able to write your post today.

From a quick look at their site & Ponemon's blog it seems the Ponemon Institute may be more *Hired Guns*. Obviously when you do research for hire, your biz is dependent on keeping clients happy. This is basic stuff -- NYTimes "The Learning Network" http://goo.gl/LicoR & the National Council on Public Polls article they reference http://goo.gl/lW0nv .

SO... we've got a report from folks who make their living selling reports, & it says that out of 20k+ people asked, a couple of percent had time on their hands to respond, 15% of those are deleted, with the results packaged so the clients happily write their check. That rejected 15% might have really messed up their nice bar chart if they all reported 0 breaches [raising that total to 25%].

Missing is real data on how that original 20k+ was pre-qualified, what's the IT size/footprint of companies they talk about [a small branch of an int'l company may have 2 PCs], & what were the actual qualifications & professional status of the respondents, e.g. an inventory supervisor might have heard a rumor & filled in the blanks based on that.

IMHO the scary part is how excerpts from this Ponemon report might be used out of context to justify whatever -- generating headlines is one thing, setting billing or policies is quite another.

mikiem said,
From a quick look at their site & Ponemon's blog it seems the Ponemon Institute may be more *Hired Guns*. Obviously when you do research for hire, your biz is dependent on keeping clients happy. This is basic stuff -- NYTimes "The Learning Network" http://goo.gl/LicoR & the National Council on Public Polls article they reference http://goo.gl/lW0nv .

SO... we've got a report from folks who make their living selling reports, & it says that out of 20k+ people asked, a couple of percent had time on their hands to respond, 15% of those are deleted, with the results packaged so the clients happily write their check. That rejected 15% might have really messed up their nice bar chart if they all reported 0 breaches [raising that total to 25%].

Missing is real data on how that original 20k+ was pre-qualified, what's the IT size/footprint of companies they talk about [a small branch of an int'l company may have 2 PCs], & what were the actual qualifications & professional status of the respondents, e.g. an inventory supervisor might have heard a rumor & filled in the blanks based on that.

IMHO the scary part is how excerpts from this Ponemon report might be used out of context to justify whatever -- generating headlines is one thing, setting billing or policies is quite another.

Your post should appear in the conspiracy forum together with anti-virus companies write viruses and security companies hack businesses to sell them security hardware & software.

Here is another report by Ponemon: cost of cyber crime of 45 organizations studied is $3.8 million per year. The range was $1 million to $52 million per year per company.

“The companies in our study experienced 50 successful attacks per week and more than one successful attack per company per week,” the report states.

On average, Ponemon found, companies expend $247,757 every 14 days or $17,696 per day per attack. The average amount of time to resolve a malicious code attack is 39 days; 30 days to deal with malicious insiders, and 19 days to resolve a Web attack.

http://www.insurancenetworking...t_risk_Ponemon-27123-1.html

Awful article. People should really just skip this and go read the report for themselves, it's 90% of the respondents not 90% of US businesses, and it's only 41% of respondents that valued the losses at half a million or more. Also, they define a hack as a successful security breach.

90% of the sampled businesses, isn't it? To claim that 90% of all US businesses have been hacked from a survey of a small sample (583 businesses) is a little bit of hyperbole I think.

Duality said,
90% of the sampled businesses, isn't it? To claim that 90% of all US businesses have been hacked from a survey of a small sample (583 businesses) is a little bit of hyperbole I think.

If the sampling methodology is sound, it's perfectly legit. They predict election outcomes to within tenths of a percent with even smaller sample sizes (when comparing the number of businesses relative to the number of voters).

Duality said,
90% of the sampled businesses, isn't it? To claim that 90% of all US businesses have been hacked from a survey of a small sample (583 businesses) is a little bit of hyperbole I think.

But that's how surveys are conducted. You take a small, random sample of whatever it is you are surveying, survey them, and that is the base principle for the rest of the group. For instance 9-10 dentists recommend you use Colgate Toothpaste. They weren't going to ask every single dentist in the world if they recommend Colgate so they took a sample.

The worst problem is most small businesses have no idea how to know if they were hacked, nor can they afford intrusion detection software (but then the real intruders can get around that stuff)