Organisations spend half a million pounds, annually, dealing with false positive alerts

A report from The Ponemon Institute reveals that two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence. The report found that teams spend, on average, 272 hours each week responding to ‘false positive’ cyber alerts, meaning malware alerts that are erroneous or inaccurate. This equates to an average cost of £515,964 annually, for each organisation, in lost time.


The findings come from a new Cost of Malware Containment report, commissioned by Damballa, a leader in automated breach detection, which surveyed 551 IT and IT security practitioners across EMEA. The report found that organisations are dealing with nearly 10,000 malware alerts per week; however, only 22% of these are considered reliable. More worryingly, only a small fraction (3.5%) of all alerts are deemed worthy of further investigation. This suggests that IT teams are struggling with the resources, or expertise, to block or detect serious malware.


With the latest reports revealing that 90% of large companies have suffered a data breach over the last year, at an estimated cost of between £1.46 million and £3.14 million*, the Ponemon findings highlight the importance of focussing efforts on finding and responding to the ‘true positive’ active infections to mitigate security risks.


Key findings:
· Malware infections have become more severe in the past year: Fifty-seven percent of respondents say the severity of malware infections has significantly increased (14%) or increased (43%) in the past year. Nearly half (47%) of respondents report that volume has significantly increased or increased in the past 12 months.
· Many organisations have an unstructured approach to malware containment: Whilst the severity of infections is rising, nearly a quarter of respondents – 23% – report that they have an “ad hoc” approach to containment, with 38% responding that there is no one person accountable for the containment of malware.
· Most organisations do not have automated tools to capture intelligence: Only 37% of EMEA respondents reported that their organisation has automated tools that capture intelligence and evaluate the true threat driven by malware. Organisations that do have automated tools report that an average of 44% of malware containment does not require human input or intervention and can be handled by these automated tools.


Stephen Newman, CTO of Damballa, noted, “These findings are significant as they highlight the real impact of false malware intelligence. Not only are teams devoting valuable time and resources to hunting down the false positives but they’re also in danger of missing the real infections, which could have a devastating impact.”
He continues: “The severity and frequency of attacks is increasing, so the focus really needs to be on building better intelligence, which means that organisations will have the confidence of knowing exactly where the real threats are. This means that teams can direct their efforts where it is most needed; on finding and quickly remediating the active infections.”
