The number of security incidents detected by firms globally rose 25% during the past 12 month period to 3,741, but many are defending future threats with yesterday's strategies.
PwC's latest survey, The Global State of Information Security Survey 2014, carried out in collaboration with CIO and CSO magazines, revealed that the number of executives who are unaware of the number of cyber attacks has doubled during the past two years.
Despite rise in security spending and deployment of enhanced technology protections, processes, and strategies, firms have been outpaced by their adversaries, the report outlined.
PwC Advisory principal for cybersecurity Mark Lobel said that the latest survey results reveal that while there have been improvements in security at companies today-which is a positive sign-many organisations are lagging their opponents, and this poses significant problems for the future.
"It is essential that executives actively re-evaluate and update their security strategies and practices on a continual basis to keep pace with today's threat actors," Lobel said.
"Without an agile approach to information security, organisations will be under prepared for the evolving and increasingly sophisticated attacks that may be more complicated, complex, and damaging."
The rise in deployment of smart phones, tablets, the 'bring your own devices' (BYOD), and cloud computing have increased risks associated with security, so far efforts to execute mobile security programmes have not reported any gains over previous year, while continue to follow rising mobile device usage.
Out of the overall 47% of surveyed executives who use cloud computing, about 59% claim rise in security, while 18% seek provisions for cloud in their security guidelines.
The survey noted that majority of respondents have implemented conventional security protection, while they would not deploy tools that deal with data and networks to offer real-time intelligence about latest risks.
PwC Global and US Advisory Cybersecurity leader David Burg said that integrated security should be a pivotal part of an organisation's business agenda and organisational culture - and every employee, supplier and partner should understand and agree to follow your security policy.
"Building and sustaining a culture of security awareness will also require the full support of top executives, including the CEO and board members," Burg said. "It cannot happen without them."
Lack of capital funding topped the list of obstacles to enhance security, followed by deficient vision on the impact of future business on security and lack of guidance from the CEO or Board.
PwC Advisory principal for cybersecurity Gary Loveland said a new model of information security is needed, one that is driven by knowledge of threats, assets and the motives and targets of potential adversaries.
"You can't fight today's threats with yesterday's strategies," Loveland said.
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...