More Than Half of Surveyed Companies Breached in 2017

New findings show a lack of confidence in respondents' ability to protect customer data.

By Roy Urrico | March 02, 2018 at 12:26 PM

More than half of surveyed companies – many with underbudgeted, overwhelmed cybersecurity initiatives – suffered a breach one or more times in 2017, according to new research from Boston-based Cygilant.

The hybrid security-as-a-service firm gathered its findings from a study conducted in late 2017 and early 2018. The survey reached more than 165 IT and security professionals at medium-sized companies, including more than 20% from the finance sector (more than any other industry) across the country for Cygilant's Q1, 2018 Cybersecurity Survey. They answered questions about cybersecurity budgets, infrastructure, employee training, and general readiness and ability to thwart breaches and cyberattacks.

As in Cygilant's 2017 Cybersecurity Survey, the new findings show a lack of confidence in respondents' ability to protect customer data, with only 16.6% very confident that they can successfully protect customer data. Sixty-eight percent of those surveyed cite a lack of company resources, including budget and time, as a top challenge.

"It's important that businesses understand the cybersecurity challenges they're facing, and no one knows these challenges better than the cybersecurity professionals on the front line working to prevent breaches and a loss of customer and corporate data on a daily basis," Neil Weitzel, director of security research, Cygilant, said. "The results from our new survey haven't changed dramatically from last year." Weitzel noted companies with understaffed and underfunded cybersecurity initiatives aren't providing the ongoing security awareness training to employees required to protect against relentless attacks by adversaries. "These new survey results confirm that companies are not taking the steps they should to build defenses around their customer data and continue to be vulnerable to cyberattacks."

Other findings include:

Fifty-three percent believe their company suffered one or more breaches in 2017.
More than 80% have underfunded IT security budgets or no budget at all.
Almost 17% are very confident in their ability to protect customer data.
Almost 15% are confident in current cybersecurity technologies.
Sixty-three percent conduct cybersecurity training once a year or less.
Almost 25% rate phishing and spam as a top five concern but have no formal employee awareness program.
Forty-six percent of organizations review their cybersecurity program with the board of directors or senior executives once a year or less.

NOT FOR REPRINT

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).

1 Federal Judge Sentences Former CU Employee for Money Vault Switch

2 Utah Credit Union Helps Police Bust a Family’s ATM Fraud Scheme

3 8 CU Industry Careers Propel Forward as One Concludes

4 Digital Age Dangers: Emerging Fraud Risks for Credit Unions & Members in 2025

5 Trade Group Pushes for NCUA’s Independence & Regulatory Pause at CFPB

GlobeSt. Multifamily Spring 2025
April 01, 2025 - New York

Join the industry's top owners, investors, developers, brokers & financiers at THE MULTIFAMILY EVENT OF THE YEAR!
More Information
GlobeSt. Net Lease Spring 2025
April 01, 2025 - New York

This conference brings together the industry's most influential & knowledgeable real estate executives from the net lease sector.
More Information
Consulting
The Rising Stars of the Profession 2025
April 03, 2025 - Chicago

Consulting magazine is proud to recognize this unique group of movers & shakers at our annual Rising Stars of Profession awards.
More Information