Companies hit by an attack are more likely to be hit again

Cymulate’s recent survey took a look into the impact of cyber attacks on businesses, finding despite growing threat there are reasons to be optimistic

Companies are moving from a reactive stance to a more proactive approach to cybersecurity. They are focusing on business impact and risk reduction, optimising their defences, and incorporating new best practices, such as offensive testing.

However, two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year. 

This was the results of a survey carried out by Cymulate, an Extended Security Posture Management market leader. The research surveyed security professionals across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government.

It also highlighted larger companies are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.

Becoming aware of cyber risks

Over the last 12 months, 40% of respondents reported being breached, and after being breached once, statistics showed they were more likely to be hit again than not (66%). Fooling employees via phishing scams is still the number one way that attackers make it through the front door, at 56%. However, in 37% of cases, attacks are coming from connected third parties.

The report found that if they can’t breach your employees, the hackers will turn to your partners and supply chain. It was reported that 29% of attacks come from insider threats, which can often be unintentional due to human error. Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.

Implementing best practices for cyber attack prevention 

22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. 

It was found that leadership and cybersecurity teams who meet regularly to discuss risk reduction are more cybersecurity-ready - those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.

"Surprisingly, the survey shows that victims of attacks do not double down on their defences once they have been hit and they are largely seen by hackers as easy, lucrative prey.” said Eyal Wachsman, CEO and Co-Founder of Cymulate.

“However, it's great to see businesses are showing progress in other areas. Increased awareness and understanding of cyber risk at the boardroom level is making a substantial impact as the results illustrate that companies who are more proactive on this front incur less breaches. Another positive note is that larger corporations who have suffered breaches are recovering quicker and experiencing less damage from a business perspective, indicating that they have enhanced their capabilities to mitigate attacks and prevent damage," Wachsman added. 


Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI