Article
Cyber Security

82% of all cyberattacks involve the human element

By Vikki Davies
April 12, 2023
undefined mins
78% of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
78% of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom.
Cyber Edge Group has released its 2023 Cyberthreat Defense Repor which also found nearly 4 in 5 ransomware attacks include threats beyond data encryption.

Cyber Edge Group, a research and marketing firm serving the cybersecurity industry’s vendors, today announced the publication of its tenth annual Cyberthreat Defense Report (CDR). This year’s edition provides data about ransomware attacks involving multiple threats, uncharacteristic optimism among IT security professionals, how security leaders are engaging with board members, and why industry veterans are earning security certifications. It also reveals the cybersecurity technologies that organizations are prioritizing this year and the threats that worry them most.

Double, triple and quadruple ransomware threats are common

Long gone are the days when ransomware victims had to contend with encrypted data alone. Last year, according to the survey, 78% of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom. Additional threats include launching distributed denial of service (DDoS) attacks (42%), notifying customers or the media of the data breach (42%), and publicly releasing exfiltrated data (40%).

But we may have turned a corner

Despite experiencing record-setting ransomware attacks last year, security professionals appear to be uncharacteristically optimistic about 2023. The percentage of survey respondents who believe it’s more likely than not that their employers will be victimized by a successful cyberattack of some kind in the coming year declined for the first time in six years, from 76% to 72%. In addition, their overall concern about cyberthreats ticked down. One factor contributing to the improving sentiment: the percentage of organizations experiencing at least one successful attack in 2022 (85%) declined for the second consecutive year.

“Security professionals rarely hear good news when it comes to cyberthreat statistics,” says Steve Piper, founder and CEO of Cyber Edge Group. “Although successful ransomware attacks are up, the percentage of organizations victimized by all classes of cyberthreats fell for the second straight year – the first multi-year decline in CDR history. Overall concern for cyberthreats ticked down for the first time since the start of the pandemic, concern for web and mobile attacks is down, concern for cloud security challenges is down, and security professionals are starting to feel more optimistic. With increased adoption of modern cybersecurity defenses, the industry may finally have turned the tide against our cyber adversaries.”

Additional Key Findings

CyberEdge Group’s CDR is the standard for assessing organisations’ security posture, gauging the perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions. The 2023 CDR yielded dozens of additional insights, including:

  • Board engagement. At nearly all companies with a board of directors (97%), information security leaders engage board members directly. More than half (51%) provide monthly, quarterly, or annual cyber risk assessments reports to the board.
  • Hottest security tech for 2023. The CDR tracks current and planned investments by security organizations across four technology categories. Among the most sought-after security technologies in 2023 are next-generation firewalls (network security category), deception technology (endpoint security category), bot management (application and data security category), and full packet capture and analysis (security management and operations category).
  • This year’s weakest links. Industrial control systems (ICS), Internet of Things (IoT) devices, and mobile devices top this year’s list of the IT components that respondents indicated are most challenging to secure.
  • Feeling short-handed. Seven in eight organizations (87%) are experiencing a shortfall of security talent, with IT security administrators in greatest demand. Security professionals cite “lack of skilled personnel” as the top inhibitor to defending against cyberthreats.
  • Professional certification: it’s not about the Benjamins. Security professionals who have earned one or more IT security professional certifications cite “expanded knowledge” as the primary benefit of their credentials. “Increased compensation” is at the bottom of the list.
  • Embracing emerging tech. The vast majority of organizations are adopting emerging security technologies such as zero trust network architectures (ZTNA; 92%), extended detection and response (XDR; 93%), and secure access service edge (SASE; 93%).
  • Increased security spending. The average information security budget went up by 5.3% in 2023, a new CDR record.
Cybersecurityransomwarecybercrime
Share
Share
Author
Vikki Davies

Featured Articles

Norton: Report Highlights Rising Trend of AI Dating Scams

Norton report shows that as AI becomes more sophisticated and accessible, so do the risks of romantic scams conducted via AI

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Technology & AI

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security