82% of all cyberattacks involve the human element

Cyber Edge Group has released its 2023 Cyberthreat Defense Repor which also found nearly 4 in 5 ransomware attacks include threats beyond data encryption.

Cyber Edge Group, a research and marketing firm serving the cybersecurity industry’s vendors, today announced the publication of its tenth annual Cyberthreat Defense Report (CDR). This year’s edition provides data about ransomware attacks involving multiple threats, uncharacteristic optimism among IT security professionals, how security leaders are engaging with board members, and why industry veterans are earning security certifications. It also reveals the cybersecurity technologies that organizations are prioritizing this year and the threats that worry them most.

Double, triple and quadruple ransomware threats are common

Long gone are the days when ransomware victims had to contend with encrypted data alone. Last year, according to the survey, 78% of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom. Additional threats include launching distributed denial of service (DDoS) attacks (42%), notifying customers or the media of the data breach (42%), and publicly releasing exfiltrated data (40%).

But we may have turned a corner

Despite experiencing record-setting ransomware attacks last year, security professionals appear to be uncharacteristically optimistic about 2023. The percentage of survey respondents who believe it’s more likely than not that their employers will be victimized by a successful cyberattack of some kind in the coming year declined for the first time in six years, from 76% to 72%. In addition, their overall concern about cyberthreats ticked down. One factor contributing to the improving sentiment: the percentage of organizations experiencing at least one successful attack in 2022 (85%) declined for the second consecutive year.

“Security professionals rarely hear good news when it comes to cyberthreat statistics,” says Steve Piper, founder and CEO of Cyber Edge Group. “Although successful ransomware attacks are up, the percentage of organizations victimized by all classes of cyberthreats fell for the second straight year – the first multi-year decline in CDR history. Overall concern for cyberthreats ticked down for the first time since the start of the pandemic, concern for web and mobile attacks is down, concern for cloud security challenges is down, and security professionals are starting to feel more optimistic. With increased adoption of modern cybersecurity defenses, the industry may finally have turned the tide against our cyber adversaries.”

Additional Key Findings

CyberEdge Group’s CDR is the standard for assessing organisations’ security posture, gauging the perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions. The 2023 CDR yielded dozens of additional insights, including:

  • Board engagement. At nearly all companies with a board of directors (97%), information security leaders engage board members directly. More than half (51%) provide monthly, quarterly, or annual cyber risk assessments reports to the board.
  • Hottest security tech for 2023. The CDR tracks current and planned investments by security organizations across four technology categories. Among the most sought-after security technologies in 2023 are next-generation firewalls (network security category), deception technology (endpoint security category), bot management (application and data security category), and full packet capture and analysis (security management and operations category).
  • This year’s weakest links. Industrial control systems (ICS), Internet of Things (IoT) devices, and mobile devices top this year’s list of the IT components that respondents indicated are most challenging to secure.
  • Feeling short-handed. Seven in eight organizations (87%) are experiencing a shortfall of security talent, with IT security administrators in greatest demand. Security professionals cite “lack of skilled personnel” as the top inhibitor to defending against cyberthreats.
  • Professional certification: it’s not about the Benjamins. Security professionals who have earned one or more IT security professional certifications cite “expanded knowledge” as the primary benefit of their credentials. “Increased compensation” is at the bottom of the list.
  • Embracing emerging tech. The vast majority of organizations are adopting emerging security technologies such as zero trust network architectures (ZTNA; 92%), extended detection and response (XDR; 93%), and secure access service edge (SASE; 93%).
  • Increased security spending. The average information security budget went up by 5.3% in 2023, a new CDR record.

Featured Articles

BlueVoyant's Tom Moore Talks Legal Procedure Following Hack

BlueVoyant's Tom Moore explains how companies should act with legal council following a cyber attack

GDPR: Studying the World's Strictest Security Law 6 Years On

We take a look at the history, impact, and future of GDPR to see how it has effected the cyber sphere six years after its enactment

Banking Titan Baird Gives 9 Pointers for Cyber Investors

Investment bank Baird have made nine observations from RSA Conference that investors should consider when investing in today’s cyber market

OpenText's Pillr Buy Show Acquisitions Still in its Strategy

Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

Cyber Security

Tenable: Security Expertise Gap Threatening Cloud Expansion

Operational Security