Survey Finds Enterprise Data Breaches Are Significantly Underreported


According to the results of a recent survey of 200 security professionals dealing with malware analysis within U.S. enterprises, 57 percent of respondents said they have investigated or addressed a data breach that was never disclosed by their company.

And that's even more true at larger organizations -- at companies with more than 500 employees, 66 percent of respondents said they had handled undisclosed data breaches.

The survey, conducted by Opinion Matters on behalf of ThreatTrack Security in October 2013, also found that 40 percent of respondents said one of the most difficult aspects of defending their company's network was the fact that they don't have enough highly-skilled security personnel on staff.

Fifty-two percent of respondents said it typically takes them more than two hours to analyze a new malware sample, while just 4 percent said they're capable to analyzing a new malware sample in less than one hour. Thirty-five percent said one of the key challenges in defending their organization from advanced malware is the lack of access to an automated malware analysis solution.

"While it is discouraging that so many malware analysts are aware of data breaches that enterprises have not disclosed, it is no surprise that the breaches are occurring," ThreatTrack CEO Julian Waits, Sr., said in a statement. "Every day, malware becomes more sophisticated, and U.S. enterprises are constantly targeted for cyber espionage campaigns from overseas competitors and foreign governments."

"This study reveals that malware analysts are acutely aware of the threats they face, and while many of them report progress in their ability to combat cyber-attacks, they also point out deficiencies in resources and tools," Waits added.