RESEARCH: Security breaches cost US business $30 billion per year, and security leaders are being held personally liable
November 2024 by Panaseer
New research from Panaseer has revealed that cybersecurity control failures cost businesses $30 billion per year. Only half of security leaders fully trust the numbers they are reporting to regulators and the board, with many turning to personal indemnity insurance to cover their backs.
Global regulators are tightening the screws on security teams after a series of high-profile attacks, and are even holding individuals accountable for security failings; the SEC charges against SolarWinds's CISO, Timothy G. Brown, for alleged fraud and control failures are one example. Against this backdrop, Panaseer's study, which surveyed 400 security decision makers (SDMs) from the US and UK, reveals:
The billion-dollar cost of cybersecurity control failures: 61% of organizations have suffered a security breach in the past year because their policies, governance and controls failed or were not working effectively. This is costing US businesses a total of $30 billion per year. As a result, 90% of SDMs say they are now expected to provide greater assurances specifically around security control performance.
Pressure is mounting, but many security leaders don't trust their numbers: 85% of SDMs are facing greater scrutiny from the board. 57% say they are constantly being asked to provide assurances but lack the trusted data they need to provide them, while only 55% are fully confident that the data presented to senior management and the board is accurate.
The industry has mixed reactions to being held personally accountable for security failings: 75% of security leaders feel greater personal liability for security failures now compared to two years ago. 44% think it will be a good thing, as it will lead to higher standards in the industry, and 31% are primed to use it to get a pay rise. However, one in four think it is 'unfair' and that it makes them 'angry', with 15% saying they have considered leaving the industry.
Personal indemnity insurance is a must-have, but some may not be as protected as they think: 72% of security leaders have taken out personal indemnity insurance in the past year to protect themselves from the consequences of security failures, and a further 20% are looking into it. However, just 34% of those with insurance hold cover in perpetuity, leaving the rest unprotected if they leave their current company.