Some 68% of organisations have experienced a known cyber attack within the last 12 months, with 16% of those estimating the financial damage to be at least £40,000. Forty per cent the breached organisations incurred unplanned expenses and 10% suffered other serious consequences, such as loss of competitive edge, decreased sales or customer churn.

This is among the findings of the annual global Hybrid Security Trends Report from Netwrix, which is based on research carried out amongst 1,610 IT professionals from 106 countries via an online questionnaire in February 2023.

To mitigate the risk of financial loss from data breach, the study found that 44% of organisations are insured and 15% plan to purchase a policy within the next 12 months. Some 22% of the organisations with a policy had to improve their security posture to even be eligible for the policy.

“While cyber insurance has value, it’s vital to remember that it is no substitute for strong security. After all, while an insurance pay out can defray the financial impact of a security incident, no policy can restore an organisation’s data, operations, or reputation,” said Dirk Schrader, vice-president of security research at Netwrix.

The survey also reveals that on-premises infrastructures suffer more cyber attacks than the cloud. The starkest difference was for ransomware and other malware attacks, which were reported by nearly twice as many respondents for on-prem environments (37%) as for the cloud (19%).

“On-prem environments are more vulnerable to attacks than software-as-a-service (SaaS) systems because they often have sprawling privileges on the infrastructure level. For example, users might have administrative rights on their computers and service accounts often have elevated rights. Malicious actors can abuse these standing privileges to spread malware quickly across on-premises systems,” explained Dmitry Sotnikov, vice-president of product management at Netwrix.

“Understaffing of IT teams is the biggest challenge to ensuring data security, cited by half of respondents. Therefore, it is crucial to build a security architecture that reduces the workload for IT and security pros. Automating routine tasks, choosing mature security products that produce fewer false positive alerts and relying on a select group of trusted vendors that have an extensive portfolio and a unified support team can help mitigate the shortage of security personnel."

Share Story: