State of Cybercrime
www.CSOonline.com
SURVEY METHOD
TOTAL
RESPONDENTS
MARGIN OF ERROR
+/- 4.3%
AUDIENCE BASE
CSOonline.com
COLLECTION
Online Questionnaire
TOTAL QUESTIONS
62
SURVEY GOAL
U.S. State of Cybercrime Survey is
conducted annually to gain insight and
evaluate trends in the frequency and
impact of cybercrime incidents,
cybersecurity threats, information
security spending. Additionally, the study
examines the risks of third-party
business partners in private and public
organizations.
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
Q: Are you more concerned or less concerned about cybersecurity threats posed to your organization this year (2015) than those you encountered the previous year (2014)?
Q: Please estimate the total monetary value of losses your organization sustained due to cybercrime and advanced persistent threats during the past 12 months including those costs
associated with resolving all issues associated with the incident.
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
Enterprise (1,000+)
Remained
the Same
35%
SMB (<1,000)
Increased
Remained theRemained
55%
the Same
Same
Increased
35%
60%
Decreased
9%
Decreased
5%
Q: Compared to the previous year's security budget, how did this past year's security budget change?
Q: What was your organizations approximate annual IT Security budget for security products, systems, services, and/or staff for each of the following areas during the last 12 months (January 2014-2015)?
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
49%
45%
44%
35%
35%
32%
30%
17%
New technologies
Enterprise (1,000+)
Redesign
cybersecurity strategy
14%16%
Redesigning
processes
18%
11%
Particpating in
knowledge sharing
SMB (<1,000)
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
40%
23%
Third-party
vendors
Contractors
Software
Suppliers
Q: Please identify all areas where you consider supply chain/ business ecosystem risks?
Q: On average, how often do you evaluate the security of supply chain/business ecosystem partners with which you share data or network access?
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University
82%
76%
76%
74%
Electronic access
control systems
Network-based
anti-virus
Access controls
5 MOST
EFFECTIVE
SOLUTIONS
Firewalls
SPAM filtering
Very effective
Somewhat effective
32%
5 LEAST
EFFECTIVE
SOLUTIONS
Manual patch
management
19%
18%
Change control/
configuration
management
systems
Wireless
monitoring
17%
17%
Q: How effective do you consider each of the following technologies in place your organization in detecting and/or countering security events?
Source: The 2015 U.S. State of Cybercrime Survey, in partnership with PwC, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University