Top executives in charge of cybersecurity at health systems across the country are painfully aware of the costs of unchecked external Internet attacks. Even still, many lack the expertise and technology to stop them, according to a new Ponemon Institute study.

For the report, “Security Beyond the Traditional Perimeter,” commissioned by BrandProtect, Ponemon garnered responses from 505 companies representing a wide range of industries. Ponemon said the number of responses makes it one of the most comprehensive investigative surveys to date on external threat awareness, costs, preparedness and mitigation. 

Ponemon found that healthcare is among one of the least prepared industries, though none rates high.

When asked to respond to whether they agreed with the statement: “Our organization has a formal process for monitoring the Internet and social media,” only 16 percent of the healthcare respondents indicated they did. By contrast, the financial services sector scored the highest with 26 percent indicating they had a process in place.

[Also: Where do CISOs fit in the healthcare C-suite?]

Security leaders across healthcare and the other sectors highlighted the lack of staff expertise and technology as a key reason attacks went unchecked.

Seventy-nine percent of the IT and IT security practitioners polled, in fact, indicated that their defensive infrastructure to identify and mitigate those threats were either non-existent, ad hoc or inconsistently applied.

The findings reveal that the health systems and companies represented in the research averaged more than one cyber attack per month and incurred annual costs of about $3.5 million attributable to cyber attacks.

Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.

“The majority of security leaders understand that these external Internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”  

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn