Ponemon Institute: External Cyber Attacks Cost Enterprises $3.5M/year, 79% of Businesses Lack Comprehensive Strategies to Manage these Risks

Study Reveals Majority of CISOs and CIOs Recognize Risk of Material Attacks that Originate on the Internet, but Need Better Resources & Infrastructure to Identify & Mitigate Threats

TORONTO -- Despite acute awareness of the millions of dollars in annual costs and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks go unchecked, according to results from a new Ponemon Institute study sponsored by BrandProtect. Seventy-nine percent of the IT and IT security practitioners polled indicated that their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise. The findings reveal that the companies represented in this research averaged more than one cyber attack per month and incurred annual costs of approximately $3.5 million because of these attacks.

The report “Security Beyond the Traditional Perimeter,” sponsored by internet risk detection and mitigation expert BrandProtect, examined the threats, costs and responses of companies to external internet cyber attacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.

Some of the key findings include:

  • Fifty-nine percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.
  • External internet attacks are frequent and the financial costs of these attacks are significant. Respondents in this study report they experienced an average of 32 material cyber attacks, or slightly more than one per month, costing their companies an average of $3.5 million annually.
  • Seventy-nine percent of respondents described their security processes for internet and social media monitoring as non-existent (38 percent), ad hoc (23 percent) or inconsistently applied throughout the enterprise (18 percent).
  • Sixty-four percent of security leaders (directors or higher) feel that they lack the tools and resources they need to monitor, sixty-two percent lack the tools and resources they need to analyze and understand, and sixty-eight percent lack the tools and resources they need to mitigate external threats.

“The majority of security leaders understand that these external internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”

“As external threats explode in both frequency and sophistication, forward-leaning security teams are actively prioritizing external threat detection, intelligence and mitigation in their objectives,” said Roberto Drassinower, CEO of BrandProtect. “But as evidenced in today’s report by the Ponemon Institute, the majority of enterprises still have a long way to go. Despite losing millions of dollars annually to external and branded exploits, security teams are dealing with a significant readiness gap.”

Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include mobile app monitoring (cited by 62 percent of respondents), social engineering and organizational reconnaissance (61 percent of respondents), branded exploits (59 percent of respondents), spear-phishing infrastructure (58 percent of respondents), and executive and high value threats (54 percent of respondents).


  • On Thursday, July 21st, Larry Ponemon will formally present the results of the study in a live webcast presented from 1:00 p.m. – 2:00 p.m. Eastern Time. Register for this webcast here.
  • To download the executive summary of the 2016 Ponemon Research Institute report, please click here.
  • Hear from BrandProtect experts on how businesses can protect their rights, revenues and reputations online via its blog, and connect with the company on LinkedIn and Twitter.

About the Ponemon Institute

Ponemon Institute conducts independent research on privacy, data protection and information security policy. Our goal is to enable organizations in both the private and public sectors to have a clearer understanding of the trends in practices, perceptions and potential threats that will affect the collection, management and safeguarding of personal and confidential information about individuals and organizations. Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.

About BrandProtect

BrandProtect provides a comprehensive suite of cyber risk detection, intelligence and threat mitigation solutions for enterprises. The company deploys a unique combination of advanced proprietary technology, overseen by a seasoned team of threat analysts, to quickly identify and mitigate fraudulent or unauthorized online activity, such as brand abuse and trademark infringement incidents, phishing attacks, mobile app schemes, Web traffic diversions, website integrity issues and defamatory discussions. BrandProtect helps security, governance, risk management, compliance and marketing organizations at leading financial services institutions, large-scale retailers, insurance providers, telecommunications operators and pharmaceutical companies protect their brand value and business bottom line. Learn more at www.brandprotect.com.


For BrandProtect
Brad Puffer, 617-275-6519

