A global survey commissioned by IT security vendor Symantec has found that it is near impossible to find a large enterprise that has not suffered some sort of loss from a cyber attack.
The survey, which talked to 2100 CIOs, security professionals and IT managers, found that 42 percent of enterprises ranked cyber risk as a scarier prospect than natural disasters, terrorism, and traditional crime combined.
Symantec claimed that 75 percent had experience cyber attacks in the last six months, and that around one in three expected the number of attacks to increase in the next 12 months.
Those surveyed by Symantec ran IT shops of at least 500 staff and included 125 organisations in Australia.
One in two organisations said they had experienced theft of corporate data or personally-identifiable customer data.
Nearly all (92 percent) of respondents said that such breaches cost the company - either in terms of productivity, revenue, loss of trust or damage to their brand.
Organisations said that combating attacks was costing around US$2 million a year.
Symantec area vice president Craig Scroggie said that while large organisations in Australia had "been vigilant" on IT security, "there was still some way to go" to harden their security postures.
Scroggie said that the move to as-a-service computing will create new security risks for large organisations.
"Organisations after decide what risks are acceptable," he said.
"If we are going to reduce the cost and complexity of the IT security landscape, but also give confidence, we need both policy and automation."
Scroggie said organisations should:
- Protect the infrastructure - at the level of endpoints, the web, messaging and apps - ensuring backup and recovery and visibility of the security posture are in place.
- Protect the data itself (beyond the infrastructure).
- Develop and enforce IT policies
- Manage the systems - keep patches up to date.