IBM Global Technology Services

Managed Security Services

IBM Security Services

Cyber Security
Intelligence Index
Analysis of cyber security attack and incident data from
IBMs worldwide security operations
Going beyond security intelligence
About this Report
IBM Managed Security Services
monitors tens of billions of events
per day for more than 3,700 clients in
more than 130 countries, 24 hours a
day, and 365 days a year.
This global presence provides our
analysts with a wealth of data used
to understand current threats and the
cyber threat landscape as a whole.
This report is based on data from
the period of 1 October 2012 to
31 December 2013. It came from
actively monitoring and managing
security incidents as well as
responding to and performing
forensics on those incidents.
This data and analysis excludes
inadvertent data disclosures by nonmalicious insiders, routine malware
detected or spam.

Security intelligence is a vital part of an effective cyber security strategy.

Insights generated from extensive security monitoring alert Chief
Information Security Officers to current attacks, identify sources and
suggest measures to block or mitigate those attacks.
While analyzing threats is critically important, it is only part of the
story. This report is intended to address the follow-up questions: How
many attacks turn into incidents? What measures could have stopped
them? And how do these trends vary from industry to industry?

Cyber security attack rates

Attacks are any kind of malicious activity that attempts to collect,
disrupt, deny, degrade or destroy information system resources or the
information itself.1
Annual

Weekly

Daily

137.4 million

2.6 million

0.38 million

Most-attacked industries
Cyber security attack rates can differ significantly from industry to
industry, even among the five most attacked.1
Industry

Average weekly attacks

Health and Social Services

10.1 million

Transportation

9.8 million

Hospitality

5.5 million

Finance and Insurance

3.6 million

Manufacturing

2.6 million

IBM Global Technology Services

Managed Security Services

Categories of attacks

Cyber security incident rates

Attacks come in many forms. Types of attacks can differ

by industry.1

IT security incidents occur when a cyber attack successfully

compromises its target. Incident rates are calculated based
on incidents per one million cyber attacks in the observed
data set.

Type of attack

Frequency

Malicious code

33%

Sustained probe/scan

28%

Unauthorized access

15%

Low-and-slow attack

12%

Access or credentials abuse

11%

Denial of service

2%

1.07

Incidents per
one million attacks1

Categories of attackers
While the inadvertent actor is smallest group behind cyber
security attacks, it is responsible for approximately
50.9 inadvertent data leaks per week.1
Attackers

Frequency

Outsiders

44%

Unknown

24%

Malicious insider

23%

Inadvertent actor

9%

Average estimated cost per incident

Costs are the average expense required to engage emergency
response services to remediate incidents. These figures do
not include system downtime, customer employee time,
reputational risk and damage to company brand value.
Incident type

Average response cost2

Botnet activity

$120,000

Network compromise

$92,156

Attacker motivation

Malware infection

$61,875

Alleged or likely attacker motivation is determined by IBM

Emergency Response consultants after response is conducted.1

Email compromise

$33,000

Data leakage

$23,062

Motivation

Frequency

Opportunistic

49%

Industrial espionage, financial crime,

terrorism, data theft

23%

Dissatisfaction with employer/job

15%

Social activism, civil disobedience

7%

Other

6%

IBM Global Technology Services

Managed Security Services

Reasons incidents were possible3

Among the factors making incidents possible, 80 percent were
due to end-user error and poor system hygiene.
Factor

Frequency

Copyright IBM Corporation 2013

Mis-configured system or application

42%

End-user error

31%

Undetermined

17%

Vulnerable code

6%

IBM Corporation
IBM Global Technology Services
Route 100
Somers, NY 10589

Targeted attack, exploited vulnerability

6%

Produced in the United States of America

March 2013
IBM, the IBM logo, ibm.com and X-Force are trademarks of
International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names
might be trademarks of IBM or other companies. A current list
of IBM trademarks is available on the Web at Copyright and
trademark information at ibm.com/legal/copytrade.shtml

Industry maturity index

This security maturity index ranks the cyber security incident
rates of observed industry categories. Security-mature
industries maintain significantly lower incident rates. Listed
below are incident rates per one million attacks.1
Most mature

This document is current as of the initial date of publication

and may be changed by IBM at any time. THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS
WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED,
INCLUDING WITHOUT ANY WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE AND ANY WARRANTY OR CONDITION
OF NON-INFRINGEMENT. IBM products are warranted
according to the terms and conditions of the agreements under
which they are provided.

Least mature

Industry

Incidents per
1M attacks

Industry

Incidents per
1M attacks

Real Estate

0.14

Construction

4.49

Transportation

0.28

Education

1.97

Hospitality

0.42

Utilities

1.91

Finance and
Insurance

0.45

Mining, Oil
and Gas

1.80

Health and
Social Services

0.57

Extraterritorial
Activities

1.70

1
Data and analysis based on IBM Cyber security Intelligence
& Response Team customer monitoring and consulting data
from the year 2012, with a focus on the period of October 1,
2012 to December 31, 2012. IBM Managed Security Services
(MSS) monitors tens of billions of events per day for more than
3,700 clients in more than 130 countries, 24 hours a day, and
365 days a year. This data and analysis excludes inadvertent data
disclosures by non-malicious insiders, routine malware detected
or spam.

For more information

To learn more about how IBM can help you protect your
organization from cyber threats and strengthen your IT
security, contact your IBM representative or IBM Business
Partner, or visit the following website:
ibm.com/services/security

2
Average cost per incident based on average hours spent by the
IBM Emergency Response Service (ERS), ranked by incident
type, according to IBM ERS engagement cost records for fullyear 2012.
3
Data and analysis based on IBM X-Force Trend and Risk
Report.

Please Recycle

SE303058-USEN-02