"There is data out there, but a lot of it is being disputed," acknowledges Scott Aken, vice president for cyber operations at SAIC. "If you go into some of the forums, the information being stolen and put up for sale that is intellectual property is as easily monetized as credit cards are."
At least one analyst agrees with the assessment, however. In his early research, Josh Corman of The 451 Group found that more than 50 of the Fortune 100 have had intellectual property lost within the last 18 months.
"We, the security industry, have not given proper attention at intellectual property," Corman says.
According to the McAfee-SAIC report, the average organization in China, Japan, the United Kingdom and the United States, spend about $1 million a day on their information technology, while companies in China, India and the United States spend $1 million a week on securing data outside their own countries. Worries about the safety of their business data has caused the most companies to refrain from doing business with Pakistan, China and Russia. The United Kingdom, the United States and Germany are perceived as being the safest havens for data.
Companies have considering different strategies to protect critical information assets. Nearly 70% of companies have deployed new systems, such as deep packet inspection, while almost half of respondents said they would take data off the network and make it unavailable, just to protect it.
In fact, McAfee takes that approach to some of its own information, Hunt says. "We have a lot of airgaps," he says. "Some aspects of our source code is totally airgapped."
About half of all organizations plan to increase their investment in securing critical business information, while only 5% are looking to decrease spending, the report says.
Mobile devices continue to be a major worry for companies, with almost two-thirds of firms saying that securing data from exfiltration via mobile devices is a "challenge," according to the report. The convergence of the greater business efficiency allowed by mobile devices and increasing use of social networks in business, risk to data has increased dramatically, the report says.
"These two forces represent an astronomical increase in the level of risk organizations face with regard to leaked data," the report states.