Ponemon surveyed 645 IT and IT security practitioners directly involved in their company's efforts to detect and contain malware at US businesses with an average of more than 14,000 employees.
"The findings of this research reveal that current solutions are not stopping the growth of web-borne malware," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
"Almost all IT practitioners in our study agree that their existing security tools are not capable of completely detecting web-borne malware and the insecure web browser is a primary attack vector. Further, the findings are evidence of the need for a more effective solution to stop web-borne malware." Although all of the companies surveyed deploy a multi-layer, defense-in-depth security architecture, these organizations still experienced an average of 51 security breaches over the past 12 months. This is due to the failure of detection-based security technologies in preventing browser-borne malware.
Findings reveal the average cost to respond to and remediate just one security breach resulting from failed malware detection technology to be approximately $62,000 per breach, exclusive of fraud-related costs and impact on valuation. Ponemon estimates that such attacks and infections have cost participating organizations an average of $3.2 million to remediate a security breach caused by web-borne malware.
Other Key Findings:
"While the Web browser has become the most strategically important application on corporate desktops, it is also, unfortunately, the most vulnerable application in terms of being a delivery channel for malware leading to cyber attacks," said Branden Spikes, CEO, CTO, and Founder, Spikes Security. "What many organizations forget is that the browser is the only application that is permitted to download and execute code from a 3rd party location -- any external web site. Every time you allow unknown code into your network, you put yourself and your business at risk. This is why browser isolation outside the network is so important. It is the only way to prevent this problem."
A reflection of today's current technologies uses to protect organizations, 74 percent of those surveyed strongly agree or agree that traditional detection-based technologies are becoming ineffective in stopping these attacks. Additionally, only 31 percent of respondents strongly agree or agree that commercial browsers contain effective security tools for blocking web-borne malware.
Detailed Survey Findings and Analysis