Skip to content
Menu
menu

New Research on Corporate Security Incidents

By Scott Briscoe
17 September 2019

Today in Security

A few months ago, Security Management partnered with Resolver on a research project that examined the types of security incidents that security directors face and how they track, analyze, and use the data.

The survey listed several types of security incidents and asked participants to assess the frequency of occurrence and the disruption that they caused. Overall, no single type of incident reached an average frequency of “sometimes,” which was defined as occurring once every three or four months. Likewise no type of incident reached an “average” level of disruption, which was defined as “business is impacted for a few hours.”

The types of incidents that occurred at an average of more than two or three times annually were:

  • Business Disruption (such as location outage; power outage; natural events such as flooding, storm, or tornado; and technology outages)
  • Employee-Related Incidents (HR violations, theft, embezzlement, fraudulent, or illegal behavior)
  • Cyber Incidents (lost/stolen devices, malware, phishing attacks, etc.)
  • Safety Threats (attack and assaults on employees, customers, or general public; active shooter incidents)
  • Facility-Related Incidents (trespassing, vandalism, damage)
  • Asset-Related Incidents (burglary, theft, tampering)

The types of incidents that were rated as a “light disruption (part of business impacted for a few minutes)” or worse were:

  • Business Disruption (such as location outage; power outage; natural events such as flooding, storm, or tornado; and technology outages)
  • Employee-Related Incidents (HR violations, theft, embezzlement, fraudulent, or illegal behavior)
  • Safety Threats (attack and assaults on employees, customers, or general public; active shooter incidents)
  • Facility-Related Incidents (trespassing, vandalism, damage)

Overall, there was a wide variety of the number of these incident types managed by security directors in the previous 12 months, largely correlated to the size of the enterprise being managed. The average number of all such incidents was a robust 643.* However, more than half of respondents reported managing fewer than 20 such incidents.

Of those who reported that there was a financial loss related to the incidents, 85 percent reported at least one loss of more than $1,000; 53 percent reported at least one loss of more than $10,000; 20 percent reported at least one loss of more than $100,000; and 11 percent reported at least one loss of more than $1 million.

One unlucky organization reported a total of five incidents, two of which resulted in losses of more than $10 million.

Resolver will be analyzing more results from the survey in a free Security Management webinar, "Using Data to Allocate Security Resources," on 08 October 2019 at 2 p.m. ET.

*The reported average includes only those who reported at least one incident and excluded one outlier.

arrow_upward