As organisations rethink their responses to persistent, evolving threats such as ransomware, they’re also having to deal with economic shifts, staffing issues, and shrinking budgets, meaning they are having to make tough choices on how to best protect their critical data.
To better understand how enterprises are acting, we surveyed 920 decision makers from enterprises across industries in the US, UK, and Germany.
The results show a changing landscape — both in terms of threats and security responses — and a fair amount of anxiety about what could be coming next.
Top Takeaways from Our Global Survey
The hundreds of decision makers surveyed had four concerns in common:
- Economic headwinds
- Cloud security
- The rise of business email compromise ransomware attacks
- The lack of strong incident response
All four of these concerns are interconnected and highlight how cybersecurity is at an inflection point as organisations try to stay secure against sophisticated threats while continuing to innovate.
1. Layoffs Are Hitting Big Businesses
62% of respondents had to lay off employees in the past 12 months. This data isn’t surprising, as economic headwinds have blown through every industry across the globe. While most of those cuts affected marketing and sales with 43%, 40% of layoffs were from IT and security. Many organisations are struggling to meet internal security demands and improve their security posture, so the reduced headcount may create future headaches.
2. Inflation Is Impacting How Organisations Spend
It’s not just economic unease that’s affecting businesses’ bottom line. The word of 2022 might as well be “inflation,” and according to our survey, it’s the top business concern heading into 2023. 53% of US organisations and 59% of UK organisations say it’s affecting their business.
More inflation means more belt-tightening in the budget, which further strains security resources — as evidenced by the fact that the second largest concern is talent shortage, with 41%. Still, even with inflation and layoffs, 79% of organisations are looking to expand their security budget in 2023, demonstrating just how vital strong, proactive cybersecurity is to an organisation’s health.
3. Cloud Security Is Top of Mind
As organisations move to a digital-first mindset and the workforce continues to move past office walls, cloud security has become a top concern, with 48% of organisations listing “cloud breach” as the top attack vector fear. This overtakes ransomware (43%) and business email compromise (38%), partially due to the expansion of cloud services as well as global layoffs, a growing cloud-skills gap, and threat actors’ growing focus on cloud misconfigurations.
4. BEC attacks are increasing
While the cloud may be top of mind, that doesn’t change the fact that BEC attacks are on an upward trajectory.
Of the 52% of enterprises who admitted to experiencing at least one major security event in the last year, over a third of them were hit by BEC. In addition, 89% of the respondents have been targeted by malicious messages in the last twelve months, and 41% of those fit the bill of BEC as “an email or text message that impersonates an executive at your company.”
5. Organisations’ Incident Response Plans Aren’t Ready for an Attack
Our survey found that if an organisation was to experience a breach, just over half of executives say they would inform their executive team, and only 25% would tell their customers. Transparency is key when it comes to incident response.
Organisations need to understand how a hacker got in, and what actions need to be taken to prevent another worst-case scenario — keeping secrets doesn’t help you stay secure. In addition, while IT teams are finding themselves downsized, 47% of organisations said they would blame their IT and cybersecurity teams if a breach happened.
How Organisations Can Act to Ease Concerns
As long as there are threat actors, there will be cybersecurity concerns. But there are proactive steps an organisation can take to help secure their systems and data. A security operations solution can provide both human and technological support in a way that works with budgets and provides cutting-edge detection and response services.
Education can also help organisations figure out next steps and continue their security journey in the face of such uncertainty. Here are some resources we recommend: