A worryingly high 32% of organisations surveyed by business consultancy PwC confirmed they have been affected by cyber-crime.
PwC's Global Economic Crime Survey for 2016, which contacted more than 6,000 people in 115 countries, said that cyber-crime was the fastest-growing type of criminal fraud. The figures may be even worse than they appear, because the security systems of some firms are so lax that they may not even be aware their systems have been hacked and used for malicious purposes.
"The insidious nature of this threat is such that of the 56% who say they are not victims, many have likely been compromised without knowing it. A concerning trend we have observed is that of hackers managing to remain on organisations' networks for extended periods of time without being detected," the report disclosed.
Although just over half of the organisations who responded to the survey said they envisaged an increased risk of threats from hackers, crackers and other geeky criminals, only 37% have a cyber incident response plan in place.
Board members seem to be happy to live in blissful ignorance of the threat posed to their information technology (IT) systems, at least until obliged to go public with news of an embarrassing security breach.
PwC's report suggests directors are happy to leave it to the nerds in IT to sort out, which, as one might expect of a company that offers consultancy services for security breaches, is not the best policy to pursue, according to PwC.
“Action on economic crime is not the responsibility of one person or team, it must be embedded within an organisation's culture,” said Andrew Gordon, who leads the forensic services team at PwC.
“Cyber threats must be understood and planned for in the same way as any other potential business threat or disruption (such as acts of terrorism or a natural disaster): with a response plan, roles and responsibilities, monitoring and scenario planning,” the report says.
Earlier this week, the Wall Street Journal (WSJ) reported that the message on cyber-security is at least getting through to US boardrooms.
“Revenue for pure-play security-software companies tracked by Pacific Crest rose an average of 13% year over year. About 50% of reporting companies beat Wall Street revenue targets,” reported the WSJ's Dan Gallagher.
UK cyber-security firms are not doing so badly, either, judging by Corero Network Systems (LON:CNS), which last month landed a couple of big contract wins and which this week announced the beta launch of its cloud-based Corero SmartWall Network Threat Defense - Virtual Edition (vNTD Monitor).
The system can be deployed in front of any server or network, and monitors so-called DDoS (distributed denial of service) events.
Well-publicised security breaches last year such as those suffered by ISP TalkTalk and pubs group JD Wetherspoon demonstrated that UK plc's IT systems are by no means foolproof.
One company that has always taken cyber-security seriously is BlackBerry (TSE:BB, NASDAQ:BB), the smartphone maker that built its reputation with business users on the strength and safety of its email system.
It announced on Wednesday the launch of its new Professional Cybersecurity Services practice that will enlarge its security portfolio by offering organisations new consulting services, tools and best practices to assess and thwart ever-changing cyber-security risks.
The launch coincided with the announcement that it had bought UK-based software and hardware systems security firm Encription for an undisclosed sum.
“We recognise that security vulnerabilities are a top risk concern for public and private sector organisations alike. The creation of our Professional Cybersecurity Services practice and acquisition of Encription reinforces our commitment to providing customers the industry’s most secure mobility solutions and helping them to assess and mitigate risks,” the Canadian company said.
Another report, however, suggests that the reliance of many cyber-security systems on cryptographic keys and certificates is an area of weakness.
The report was compiled by cyber-security firm Venafi, so it clearly has an axe to grind, but, drawing on 500 chief information officers (CIOs), it claims that CIOs blindly trust keys and certificates, because the security systems cannot differentiate between those keys and certificates that can be trusted and those that cannot.
“With a compromised, stolen, or forged key and certificate, attackers can impersonate, surveil [sic], and monitor their targets’ web sites, infrastructure, clouds, and mobile devices, and decrypt communications thought to be private,” said Kevin Bocek, president of Threat Intelligence and Security Strategy at Venafi.