The number of information security incidents detected by EMC respondents has steadily increased since 2014, reaching 7,674 this year—Total financial losses as a result of these incidents soared 81% in 2016.
EMC businesses are attempting to keep up with evolving cybersecurity and privacy risks by steadily increasing their information security investments. This year, EMC companies boosted security budgets More than half (52%) of respondents say that digitization of their business is driving security spending.
Businesses are adopting a new model of cybersecurity and privacy that both protects and enables the business, one that relies on a range of technologies that can be interconnected in the cloud. At the core of this approach are solutions like real-time monitoring, advanced authentication and Big Data analytics.
While open-source software is not a new technology, it does represent a radical shift in how businesses deliver and manage IT services. This year, more than half of EMC respondents say they use open-source software; of these, 45% say open-source has improved their cybersecurity and privacy program. The most-cited benefit, however, is simplified development and deployment of new IT projects.
Today, the vast majority of EMC companies employ cloud computing, with private cloud being the most common platform. While IT services are most often run in the cloud, EMC respondents are starting to entrust more sensitive workloads and data to providers. This year, one-third or more respondents say they run marketing and sales, customer service and purchasing functions in the cloud.
What’s more, 59% of businesses say they employ cloud-based managed security services to help integrate, manage and improve cybersecurity and privacy after they have been implemented. Many have adopted managed security services for initiatives such as authentication, data loss prevention, and identity and access management.
“Entertainment, media and communications companies continue to increase their information security budgets year over year and are adopting new technologies such as cloud computing, advanced authentication and managed security services. These advances may explain, in part, why EMC respondents detected a record number of security incidents in 2016: They are embracing new technologies to proactively detect and respond to cybersecurity compromises.”
Business email compromise and ransomware emerged as top threats while social engineering (or phishing) was cited as the number one vector of cybersecurity incidents among EMC companies.
And when it comes to theft of digital content, EMC respondents are most suspicious of external threat actors like hackers and hacktivists. More than half (52%) say these adversaries are most likely to lift digital content prior to a major launch, compared with employees (44%) and third-party vendors (39%). Whatever the source of theft, only 62% of respondents they have adequate in-house security expertise to secure Internet content distribution.
Stringent new data privacy regulations and increasing consumer expectations that personal information is securely stored and used are making data privacy an increasingly critical business requirement. As a result, EMC respondents plan to update key privacy initiatives over the next 12 months, including privacy policies, data governance, and employee privacy awareness and training.
Many organizations are also updating cybersecurity and privacy safeguards to address risks associated with the Internet of Things. Already, more than half (54%) of respondents either have an Internet of Things security strategy in place or are currently implementing one. Key IoT privacy initiatives earmarked for the coming year include data collection and retention policies, consumer data privacy protection and employee training for IoT security and privacy practices.