Companies are moving from a reactive stance to a more proactive approach to cybersecurity. They are focusing on business impact and risk reduction, optimising their defences, and incorporating new best practices, such as offensive testing.
However, two-thirds of companies that have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or more attacks a year.
These were the results of a survey carried out by Cymulate, an Extended Security Posture Management market leader. The research surveyed security professionals across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government.
It also highlighted that larger companies are experiencing shorter disruption times and less damage to business, with 40% reporting low damage, compared with medium-size businesses (fewer than 2,500 employees), which had longer recovery times and more business-affecting damage.
Becoming aware of cyber risks
Over the last 12 months, 40% of respondents reported being breached, and after being breached once, statistics showed they were more likely to be hit again than not (66%). Fooling employees via phishing scams is still the number one way that attackers make it through the front door, at 56%. However, in 37% of cases, attacks are coming from connected third parties.
The report found that if they can’t breach your employees, the hackers will turn to your partners and supply chain. It was reported that 29% of attacks come from insider threats, which can often be unintentional due to human error. Malware (55%), and more specifically ransomware (40%), and DDoS (32%) were the main forms of cyber attack experienced by those surveyed.
Implementing best practices for cyber attack prevention
In the worst-case breaches, 22% of companies publicly disclosed cyber attacks, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations.
It was found that leadership and cybersecurity teams who meet regularly to discuss risk reduction are more cybersecurity-ready: those who met 15 times a year incurred zero breaches, whereas those who suffered six or more breaches met under nine times on average.
“Surprisingly, the survey shows that victims of attacks do not double down on their defences once they have been hit and they are largely seen by hackers as easy, lucrative prey,” said Eyal Wachsman, CEO and Co-Founder of Cymulate.
“However, it's great to see businesses are showing progress in other areas. Increased awareness and understanding of cyber risk at the boardroom level is making a substantial impact as the results illustrate that companies who are more proactive on this front incur less breaches. Another positive note is that larger corporations who have suffered breaches are recovering quicker and experiencing less damage from a business perspective, indicating that they have enhanced their capabilities to mitigate attacks and prevent damage,” Wachsman added.