Cybercrime costs companies 3.5 billion euro a year. | KPMG | BE

2/09/2015 - Cybercrime costs companies 3.5 billion euro* a year in Belgium

A study by KPMG Advisory, in collaboration with FireEye, exposes major pain points in this area. 80% of companies surveyed were not able to prevent breaches, despite antivirus programs, spam gateways, and other best practices. Of the firms that were compromised, none had sufficient capability to detect the breach. Modern threats are not being detected and too often go unnoticed. Malicious software comes in many forms and is a major threat to the security and integrity of Belgian companies.


Brussels, 1 September 2015 - Hacking of information systems occurs frequently, and the cost of cybercrime annually is estimated at a whopping 3.5 billion euro* in Belgium. KPMG Advisory, in collaboration with FireEye and Exclusive Networks, studied, over a period of eight months, the extent to which 10 large Belgian companies from seven different sectors were victims of cyber attacks. The results of the study were frightening: eight of these 10 companies were, without knowing it, infected with active malware that remote attackers were able to communicate with.

 

"Most companies surveyed were unable to prevent intrusions into their network, either via antivirus, spam gateways, or other tools," says Senior Cyber Security Specialist Jordan Barth of KPMG Advisory. "Even afterwards, the companies affected could not detect the infiltration. The risk of losing important data that can damage their competitive position, their reputation, and their business is quite substantial. Moreover, it takes a lot of time to investigate the problem and to resolve it."

"It is therefore of utmost importance that companies view information security as a top priority for the whole enterprise and not just the IT department. The known preventive measures may not be able to intercept all the intrusions, but a defensive approach does support overall resilience. However, this should not result in a false sense of security, and continuous tests and simulations remain necessary," Barth adds.

 

Because prevention is never 100% guaranteed, companies must be prepared for an intrusion: they should install controls that limit the attacker's capabilities, and they should determine how to detect such an attack and remedy it.

 

How can a company better protect itself against cyber attacks?

  • Reinforce signature-based defenses with non-signature-based detection methods
  • Place as much emphasis on detection as on prevention
  • Do not wait until a problem arises to ensure that the network and detection systems actually operate

 

Some tips to help protect an organization from external attacks

  • Ensure that the traditional control mechanisms are applied and kept up-to-date. These are the basic requirements for everything regarding security.
  • Ensure that critical systems are known and that the responsible services/people know where the most sensitive data is stored.
  • Ensure everyone in the company knows the latest threats: from the end user to management.
  • Increase the possibility of discovering security breaches after they have occurred.

 

*  www.cert.be/figures
