Cisco Systems, in its 10th annual cyber security report, says that in the past year 22% of breached organizations lost customers, 29% lost revenue, and 23% lost business opportunities.

New attack methods model corporate hierarchies: Certain "malvertising" campaigns employed brokers (or gates) that act as middle managers, masking malicious activity. "Adversaries can then move with greater speed, maintain their operational space, and evade detection," the report says.

The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries. It indicates that most organizations improve their threat defense technologies and processes after attacks. Among these improvements are separating IT and security functions, increasing security awareness training for employees, and implementing risk-mitigation techniques.

Three major problem areas for improving security were identified by CSOs: budget constraints, lack of trained talent, and the large variety of different security products typically used within an organization.

Cisco tracks "time to detection" (TTD), which is the window of time between a compromise and its detection. According to opt-in telemetry from Cisco security products, this metric declined from a median of 14 hours at the beginning of 2016 to as low as six hours in the last half of the year. While this is important, a new metric, "time to evolve," had to be created to track how quickly threat actors changed their attacks to mask their identities.

According to the report, two of the most important measures to combat threats are: (1) develop an architecture that integrates the different security products within an organization, and (2) Automate the security mechanisms to increase the speed of response without requiring human intervention.

John N. Stewart, Cisco’s Chief Security and Trust Officer, and David Ulevitch, General Manager, Security Business, discuss the report in this video.