Companies hit by an attack are more likely to be hit again

Cymulate’s recent survey took a look into the impact of cyber attacks on businesses, finding despite growing threat there are reasons to be optimistic

Companies are moving from a reactive stance to a more proactive approach to cybersecurity. They are focusing on business impact and risk reduction, optimising their defences, and incorporating new best practices, such as offensive testing.

However, two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year. 

This was the results of a survey carried out by Cymulate, an Extended Security Posture Management market leader. The research surveyed security professionals across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government.

It also highlighted larger companies are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.

Becoming aware of cyber risks

Over the last 12 months, 40% of respondents reported being breached, and after being breached once, statistics showed they were more likely to be hit again than not (66%). Fooling employees via phishing scams is still the number one way that attackers make it through the front door, at 56%. However, in 37% of cases, attacks are coming from connected third parties.

The report found that if they can’t breach your employees, the hackers will turn to your partners and supply chain. It was reported that 29% of attacks come from insider threats, which can often be unintentional due to human error. Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.

Implementing best practices for cyber attack prevention 

22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. 

It was found that leadership and cybersecurity teams who meet regularly to discuss risk reduction are more cybersecurity-ready - those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.

"Surprisingly, the survey shows that victims of attacks do not double down on their defences once they have been hit and they are largely seen by hackers as easy, lucrative prey.” said Eyal Wachsman, CEO and Co-Founder of Cymulate.

“However, it's great to see businesses are showing progress in other areas. Increased awareness and understanding of cyber risk at the boardroom level is making a substantial impact as the results illustrate that companies who are more proactive on this front incur less breaches. Another positive note is that larger corporations who have suffered breaches are recovering quicker and experiencing less damage from a business perspective, indicating that they have enhanced their capabilities to mitigate attacks and prevent damage," Wachsman added. 


Featured Articles

Gary Merrill: Who Is Commvault’s First-Ever CCO?

Experiencing a period of rapid growth, Commvault have created the new position of CCO and given it to company veteran and former CFO Gary Merrill to lead

Xalient's Stephen Amstutz on Need for Cyber Staff Wellness

Stephen Amstutz, Director of Innovation at Xalient explains why cyber staff are getting stressed and what can be done to help

Worldwide IT Outage Not Cyber Attack - But Software Update

The global IT outage that is being described as one of the biggest ever is thankfully not being attributed to a cyber attack, but rather a software update

Companies Across Cyber Sphere Warn of Surge in DDoS attacks

Cyber Security

UK Takes Steps to Strengthen Country's Cyber Security

Cyber Security

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

Operational Security