Cybercrime may be underreported, new study shows

Cybercrime may be drastically underreported, according to cybersecurity professionals in the ISACA’s new study.

The study, which surveyed over 1500 cybersecurity professionals worldwide, found that 75% of respondents believe most enterprises intentionally underreport cybercrime.

Alarmingly, 50% of all respondents believe this is true, even of companies that are legally required to report such incidents.

The finding casts doubt on the study’s assertion that attack frequency may be stabilising — where 46% of respondents reported increased attacks in 2018, compared to 50% in 2017 and 7% reported a decrease, compared to 6% the previous year.

Additionally, 79% of professionals still think it’s likely they’ll experience an attack in 2019.

Despite these expectations of a potential attack, which is most likely to occur through phishing, malware or social engineering, only 34% of cybersecurity leaders have high levels of confidence in their team’s ability to detect and respond to cyber threats.

HCL’s Fellow and Chief Architect, Cybersecurity and GRC, Renju Varghese, believes this is due to cybersecurity’s siloed and static approach.

“Many teams are missing significant attacks because they don’t have the size or expertise to keep up with attackers. Moreover, their existing security tools and processes are segregated and seldom work in tandem,” he said.

ISACA’s Director of Cybersecurity Practices, Frank Downs, said that implementing a cyber reporting structure and analysing prevalent attack methods and team readiness through continuing professional education could combat this.

Additionally, Downs believes that governance could also play a big role in teams’ confidence levels in cybersecurity — with the report showing that teams reporting to CISOs had higher levels of confidence than those reporting to CIOs.

Image credit: ©stock.adobe.com/au/smolaw11