Organisations spend half a million pounds, annually, dealing with false positive alerts

A report from The Ponemon Institute reveals that two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence. The report found that teams spend, on average, 272 hours each week responding to ‘false positive’ cyber alerts, that is, erroneous or inaccurate malware alerts. This equates to an average annual cost of £515,964 in lost time for each organisation.


The findings come from a new Cost of Malware Containment report, commissioned by Damballa, a leader in automated breach detection, which surveyed 551 IT and IT security practitioners across EMEA. The report found that organisations are dealing with nearly 10,000 malware alerts per week; however, only 22% of these are considered reliable. More worryingly, only a small fraction – 3.5% – of all alerts are deemed worthy of further investigation. This suggests that IT teams are struggling with the resources, or expertise, to block or detect serious malware.


With the latest reports revealing that 90% of large companies have suffered a data breach over the last year – at an estimated cost of between £1.46 million and £3.14 million* – the Ponemon findings highlight the importance of focussing efforts on finding and responding to the ‘true positive’, active infections, to mitigate security risks.


Key findings:
· Malware infections have become more severe in the past year: Fifty-seven percent of respondents say the severity of malware infections has significantly increased (14%) or increased (43%) in the past year. Nearly half (47%) of respondents report that volume has significantly increased or increased in the past 12 months.
· Many organisations have an unstructured approach to malware containment: Whilst the severity of infections is rising, nearly a quarter of respondents – 23% – report that they have an “ad hoc” approach to containment, with 38% responding that there is no one person accountable for the containment of malware.
· Most organisations do not have automated tools to capture intelligence: Only 37% of EMEA respondents reported that their organisation has automated tools that capture intelligence and evaluate the true threat driven by malware. Organisations that do have automated tools report that an average of 44% of malware containment does not require human input or intervention and can be handled by these automated tools.


Stephen Newman, CTO of Damballa, noted, “These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they’re also in danger of missing the real infections, which could have a devastating impact.”
He continues: “The severity and frequency of attacks is increasing, so the focus really needs to be on building better intelligence, which means that organisations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where it is most needed; on finding and quickly remediating the active infections.”
