A study by Kaspersky Lab focuses on the damage resulting from a cybersecurity incident, with the main threat being the exposure or loss of sensitive company or client data.

The report – Business Perception of IT Security: In the Face of an Inevitable Compromise – found that just over half of the companies surveyed think that an IT security breach is inevitable and that they need to prepare for such an event. A large majority of businesses – four out of five – say that protecting their data is their top priority. In total, the report looked at data from more than 4,000 businesses in 25 countries, asking about their perceptions of the main security threats they face and the measures used to combat them.

Mobile devices are an Achilles' heel

The use of mobile devices and smartphones is growing rapidly in more than a third of businesses worldwide but these mobile devices, including tablets and laptops, pose a serious threat to company data and security. The graph below shows that the use of mobile devices are one of the main IT security threats that businesses face. The inappropriate sharing of data on mobile devices and the loss of mobile devices are two of the most pressing problems, which can expose the company to risk of exposure of loss of sensitive data.

The most costly data breaches

The report also looked at the causes behind some of the most costly data breaches and found that the main cause was virus/trojan/malware – however, most companies are also confident of being prepared to protect themselves from these types of threats. A significant percentage of companies – 15 per cent – were also put at risk of an IT security breach because of employee error, as shown in the graph below. Targeted attacks were behind 5 per cent of the most costly data breaches and, conversely, data loss or theft was the most common outcome of a targeted attack (68 per cent of targeted attacks resulted in compromised or lost data).

The key findings from the report include:

• only half (52 per cent) agree that IT security will be compromised at some point so they need to prepare for these events;
• data protection is the top priority, with 80% of businesses saying that this is their major concern;
• 54 per cent of businesses say they face challenges understanding how to address inappropriate usage or sharing data via mobile devices, the most vulnerable area of expertise facing organisations;
• overall, 37 per cent of businesses experienced at least one phishing attack, 17 per cent of businesses had suffered from a DDoS attack and 20 per cent of businesses worldwide reported an incident involving ransomware;
• the most prevalent security incident was data loss due to a cybersecurity incident, experienced by 43 per cent of businesses.

---

CTMfile take: This report by Kaspersky Lab shows there are some security threats that go beyond what IT can do. Mobile devices and employee carelessness pose some of the biggest risks to sensitive data.