As organizations rethink their responses to persistent, evolving threats such as ransomware, they’re also having to deal with economic shifts, staffing issues, and shrinking budgets, meaning they are having to make tough choices on how to best protect their critical data.
To better understand how enterprises are acting, we surveyed 920 decision makers from enterprises across industries in the US, UK, and Germany.
The results show a changing landscape — both in terms of threats and security responses — and a fair amount of anxiety about what could be coming next.
Top Takeaways from Our Global Survey
The hundreds of decision makers surveyed had four concerns in common:
- Economic headwinds
- Cloud security
- The rise of business email compromise ransomware attacks
- The lack of strong incident response
All four of these concerns are interconnected and highlight how cybersecurity is at an inflection point as organizations try to stay secure against sophisticated threats while continuing to innovate.
1. Layoffs Are Hitting Big Businesses
62% of respondents had to lay off employees in the past 12 months. This data isn’t surprising, as economic headwinds have blown through every industry across the globe. While most of those cuts affected marketing and sales with 43%, 40% of layoffs were from IT and security. Many organizations are struggling to meet internal security demands and improve their security posture, so the reduced headcount may create future headaches.
2. Inflation Is Impacting How Organizations Spend
It’s not just economic unease that’s affecting businesses’ bottom line. The word of 2022 might as well be “inflation,” and according to our survey, it’s the top business concern heading into 2023. 53% of US organizations and 59% of UK organizations say it’s affecting their business.
More inflation means more belt-tightening in the budget, which further strains security resources — as evidenced by the fact that the second largest concern is talent shortage, with 41%. Still, even with inflation and layoffs, 79% of organizations are looking to expand their security budget in 2023, demonstrating just how vital strong, proactive cybersecurity is to an organization’s health.
3. Cloud Security Is Top of Mind
As organizations move to a digital-first mindset and the workforce continues to move past office walls, cloud security has become a top concern, with 48% of organizations listing “cloud breach” as the top attack vector fear. This overtakes ransomware (43%) and business email compromise (38%), partially due to the expansion of cloud services as well as global layoffs, a growing cloud-skills gap, and threat actors’ growing focus on cloud misconfigurations.
4. BEC attacks are increasing
While the cloud may be top of mind, that doesn’t change the fact that BEC attacks are on an upward trajectory.
Of the 52% of enterprises who admitted to experiencing at least one major security event in the last year, over a third of them were hit by BEC. In addition, 89% of the respondents have been targeted by malicious messages in the last twelve months, and 41% of those fit the bill of BEC as “an email or text message that impersonates an executive at your company.”
5. Organizations’ Incident Response Plans Aren’t Ready for an Attack
Our survey found that if an organization was to experience a breach, just over half of executives say they would inform their executive team, and only 25% would tell their customers. Transparency is key when it comes to incident response.
Organizations need to understand how a hacker got in, and what actions need to be taken to prevent another worst-case scenario — keeping secrets doesn’t help you stay secure. In addition, while IT teams are finding themselves downsized, 47% of organizations said they would blame their IT and cybersecurity teams if a breach happened.
How Organizations Can Act to Ease Concerns
As long as there are threat actors, there will be cybersecurity concerns. But there are proactive steps an organization can take to help secure their systems and data. A security operations solution can provide both human and technological support in a way that works with budgets and provides cutting-edge detection and response services.
Education can also help organizations figure out next steps and continue their security journey in the face of such uncertainty. Here are some resources we recommend: