The yesterday released report In the Crossfire: Critical Infrastructure in the Age of Cyberwar, commissioned by McAfee, was conducted among 600 IT security executives from critical infrastructure enterprises across seven sectors in 14 countries across the globe (US, UK, Japan, China, Germany, France, Italy, Russia, Spain, Brazil, Mexico, Australia and Saudi Arabia). The Center for Strategic and International Studies (CSIS) analyzed the quantitative results, conducted additional qualitative research and authored the report.
It found that more than half (54 percent) have already suffered large scale attacks or stealthy infiltrations from organized crime gangs, terrorists or nation-states. According to McAfee the average estimated cost of downtime associated with a major incident is $6.3 million per day.
The report found that the risk of cyberattack is rising. Despite a growing body of legislation and regulation, 37 percent said the vulnerability of their sector had increased over the past 12 months and 40 percent expect a major security incident within the next year. Only 20 percent think their sector is safe from serious cyberattack over the next five years.
Dave DeWalt, president and CEO of McAfee: “From public transportation, to energy to telecommunications, these are the systems we depend on every day. An attack on any of these industries could cause widespread economic disruptions, environmental disasters, loss of property and even loss of life. The recently identified Operation Aurora was the largest and most sophisticated cyberattack targeted at specific corporations, but it could have just as easily targeted the world’s critical infrastructure. The attack announced by Google and identified by McAfee was the most sophisticated threat seen in years making it a watershed moment in cybersecurity because of the targeted and coordinated nature of the attack.”
Other key findings:
- More than a third of those surveyed believe their sector is unprepared to deal with major attacks or stealthy infiltrations by high-level adversaries. Saudi Arabia, India and Mexico emerge as the least confident.
- Two thirds of IT executives surveyed claimed that the current economic climate has caused cutbacks in the security resources available. One in four said resources had been reduced by 15 percent or more. Cuts are particularly evident in the energy and oil/gas sector.
- 60 percent of those surveyed believe representatives of foreign governments have been involved in past infrastructure infiltrations. In terms of countries that posed the biggest threat to critical infrastructure security, the United States (36 percent) and China (33 percent) topped the list.
- 55 percent believe that the laws in their country are inadequate in deterring potential cyberattacks with those based in Russia, Mexico and Brazil the most sceptical. 45 percent don’t believe that the authorities are capable of preventing or deterring attacks.
- More than half of those surveyed expected insurance to pick up the cost of a cyberattack while nearly one in five said it would fall on rate-payers or customers. Just over a quarter expected a government bail-out.
(Source: McAfee, Inc./GST)