Security breach incidents up 48% this year—and counting

Associated losses also rose, at a rate of 34%

The number of reported security incidents rose 48% this year to 42.8 million—which is the equivalent of 117,339 attacks per day, according to the Global State of Information Security Survey 2015, a worldwide survey by CIO, CSO, and PwC.

The survey data also indicates that the compound annual growth rate of detected security incidents has increased 66% year over year since 2009.

“It’s not surprising that reported security breach incidents and the associated financial impact continue to rise year-over-year,” says David Burg, PwC’s Global and US Advisory Cybersecurity leader. “However, the actual magnitude of these breaches is much higher when considering the nature of detection and reporting of these incidents.”

As security incidents grow in frequency, the associated costs of managing and mitigating breaches are also increasing. Globally, the estimated reported average financial loss from cybersecurity incidents was $2.7 million—a 34% increase over 2013. Big losses have been more common this year as organizations reporting financial hits in excess of $20 million rose 92%. While risk has become universal, the survey found that financial losses also vary widely by organizational size.

Despite elevated concerns, the survey found that global information security budgets actually decreased 4% when compared with 2013. In fact, security spending as a percentage of IT budget has remained stalled at 4% or less for the past five years. “Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today’s advanced attacks,” says Mark Lobel, PwC Advisory principal focused on information security. “It’s critical to fund processes that fully integrate predictive, preventive, detective, and incident-response capabilities to minimize the impact of these incidents.”

Organizations of all sizes and industries are aware of the serious risks involved with cybersecurity; however, larger companies detect more incidents. Large organizations—with gross annual revenues of $1 billion or more—detected 44% more incidents this year. Comparatively, medium-sized organizations—with revenues of $100 million to $1 billion—witnessed a 64% increase in the number of incidents detected.

“Large companies have been a more likely target for threat actors since they offer more valuable information, and thus detect more incidents,” says Bob Bragdon, publisher of CSO. “However, as large companies implement more effective security measures, threat actors are increasing their assaults on middle-tier companies. Unfortunately, these organizations may not yet have security practices in place to match the efficiency of large companies.”

Insiders have become the most-cited culprits of cybercrime—but in many cases, they unwittingly compromise data through loss of mobile devices or targeted phishing schemes. Respondents said incidents caused by current employees increased 10%, while those attributed to current and former service providers, consultants, and contractors rose 15% and 17%, respectively. “Many organizations often handle the consequences of insider cybercrime internally instead of involving law enforcement or legal charges. In doing so, they may leave other organizations vulnerable if they hire these employees in the future,” says Bragdon.

Meanwhile, high-profile attacks by nation-states, organized crime, and competitors are among the least frequent incidents, yet are among the fastest-growing cyber threats. This year, respondents who reported a compromise by nation-states increased 86%—and these incidents are also most likely under-reported. The survey also found a striking 64% increase in security incidents attributed to competitors, some of whom may be backed by nation-states.

Effective security awareness requires top-down commitment and communication, a tactic that the survey finds is often lacking across organizations. Only 49% of respondents say their organization has a cross-organization team that regularly convenes to discuss, coordinate, and communicate information security issues.

PwC notes that it is critical for companies to focus on rapid detection of security intrusions and having an effective, timely response. Given today’s interconnected business ecosystem, it is just as important to establish policies and processes regarding third parties that interact with the business.

“Cyber risks will never be completely eliminated, and with the rising tide of cybercrime, organizations must remain vigilant and agile in the face of a constantly evolving landscape,” says PwC’s Burg. “Organizations must shift from security that focuses on prevention and controls, to a risk-based approach that prioritizes an organization’s most valuable assets and its most relevant threats. Investing in robust internal security awareness policies and processes will be critical to the ongoing success of any organization.”

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News.
