This post has been corrected.
Hackers are getting better and businesses are increasingly at risk, according to a new report from global security consultants PwC. Worryingly for corporate digital security chiefs, this problem is expected to get worse as the Internet of Things gains in popularity.
Here’s how bad corporate cybercrime is right now: The number of detected security incidents climbed 38% in 2015 compared to a year earlier, according to PwC, and has been growing at a steady double-digit clip over the last five years. The total number of incidents captured in the survey now stands at 59 million, although the true figure is likely to be much higher. “The numbers have become numbing … prevention and detection methods have proved largely ineffective,” says the PwC report.
These digital break-ins cost the global economy somewhere between $375 to $575 billion a year, according to a 2014 study (PDF) by the Center for Strategic and International Studies.
Breaches originating from cloud-connected devices devices jumped by 152% in 2015 compared to a year earlier, PwC says. That’s hacking of things like wearables, “smart” lighting systems and other embedded sensors in the corporate environment. And over the next five years, the world of such devices, or “Internet of Things” (IoT) is expected to grow from 13 billion devices to 30 billion, according to research firm IDC. That means there will be a lot more devices to hack.
The highly vulnerable nature of current IoT devices is the subject of a forthcoming report by Spanish carrier Telefónica. John Moor, an author of the report and director of the IoT Security Foundation, tells Quartz that insufficient regulatory oversight and safety standards from manufacturers are some of the reasons why IoT will be hacker-prone. Moor says websites like Shodan, a search engine with a dedicated section for unsecured webcams connected to the internet, are just the start of IoT’s security problems. “Everybody’s falling prey to it. It’s not just kids in rooms. The scale is large, the scope is everywhere,” he says.
Companies are responding by throwing more money at the problem. Security budgets have risen gradually, averaging around 3.5% since 2010, according to PwC. But companies spent much more last year, with average budgets rising by 24%, perhaps in response to a spate of high-profile hacks that included Sony Pictures and British telco TalkTalk. In a sign that companies are taking security more seriously, about half of all companies surveyed by PwC now have board-level discussions about the safety of their digital systems.
For vendors selling alarms, locks and remedies to increasingly nervous enterprises, business couldn’t be better. That’s what Andrey Nikishin, special project director for future technologies at security firm Kaspersky Lab, believes. Nikishin is another author of the Telefónica report, and he keeps IoT devices out of his home. “Where others see opportunity, I see threat,” he says.
According to Nikishin, the security industry began to stagnate five years ago, as anti-virus software was commoditized. But business is booming now, and he expects security to be high on corporate agendas in the coming years. “In five years, security will be seen as an investment, not a cost. Chief technology officers are now important members of the board. In five years, chief security officers will be the same,” he says.
Correction: A previous version of this post described Shodan as a search engine for webcams. It also offers search across other internet-connected devices.