Cisco has revealed the mounting cost of data breaches to businesses, saying companies are losing 20% of revenues and new customer business as a consequence of hackers stealing or accessing data.
The company's Annual Cybersecurity Report 2017 also explained that although 90% of companies have started improving their threat defences, they still have security gaps in which hackers can break into their systems.
Worryingly, companies only have the resources to investigate 56% of the security alerts they receive, meaning many threats are not being combatted at the point of entry. A third of these turn out to be serious threats, which should be investigated at the first indication of a security risk.
"In 2017, cyber is business, and business is cyber - that requires a different conversation, and very different outcomes," John Stewart, senior vice president and chief security and trust officer, Cisco.
"Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture."
Some of the problem areas are hackers introducing new methods of attack to evade detection, organisations adopting cloud applications that aren't secure and adware, which infected 75% of the organisations investigated by Cisco.
Cisco's report also revealed the amount of time it's taking companies to realise there's a threat. It claimed companies using its security products have reduced the time of detection from 14 hours at the beginning of 2016 to just six hours in 2016.
"One of our key metrics highlighted in the 2017 Annual Cybersecurity Report is the time to detection' the time it takes to find and mitigate against malicious activity," David Ulevitch, vice president and general manager of security business at Cisco. "We have brought that number down to as low as six hours. A new metric the time to evolve' looked at how quickly threat actors changed their attacks to mask their identity.
"With these and other measures gleaned from report findings, and working with organisations to automate and integrate their threat defense, we can better help them minimize financial and operational risk and grow their business."
