Financial services firms take 98 days to detect cyber threats - retailers take 197 days

Ponemon Institute survey finds that more financial services firms share details about threats than retailers

Financial services firms take an average of 98 days to detect advanced cyber threats, while retailers take a whopping 197 days, according to a new Ponemon Institute Survey sponsored by security software provider Arbor Networks.

Moreover, 58 per cent of financial services firms and 71 per cent of retail organisations said that they were not optimistic about their ability to improve these results in the coming year.

These timescales are alarming, particularly with 83 per cent of financial services firms and 44 per cent of retail firms experiencing more than 50 attacks per month.

Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said: "The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable."

The survey asked how organisations managed advanced threats and distributed denial of service (DDoS) attacks targeting their infrastructure, and how effective (or not) their IT investments were, among other details.

It found that 45 per cent of financial services firms and 34 per cent of retailers had implemented incident response procedures to contain advanced threats, while 43 per cent of financial services firms and 17 per cent of retailers said that they had established threat sharing with other companies or government entities.

There is a similar divide between the industries on DDoS attacks: 45 per cent of financial services firms have established threat sharing with other companies or government entities to minimise or contain the impact of DDoS attacks, compared to only 13 per cent of retailers.

This suggests that retailers are less willing to share information about threats with others, which could be a reason why it takes them 99 days longer to identify a cyber threat than their financial services counterparts.

In fact, financial services firms are more confident that they can contain DDoS attacks (48 per cent said they ‘strongly agree’ or ‘agree’ that they can contain them), compared to retail firms (39 per cent ‘strongly agree’ or ‘agree’).

The Ponemon Institute surveyed 844 IT and IT security practitioners from financial services organisations, and 675 from retail firms. The practitioners were from North America and 14 countries in Europe, the Middle East and Africa (EMEA).