Data breaches and outages are a bigger security risk for organizations than they’ve ever been, new research has found.
Splunk recently polled 1,500 security leaders for its State of Security 2023 annual global research report, and found that the number, and the cost associated with cyberattacks, continue to rise.
In fact, more than half (52%) of businesses said they suffered a data breach in the past 24 months, up from 49% last year, and significantly up from 39% mere two years ago. Furthermore, almost two-thirds (62%) of respondents said that every month, their business-critical applications faced unplanned downtime, as a direct result of malware (opens in new tab)-related incidents. This metric has also gone up year-on-year, from 54% in 2022.
Existential threat
Visibility seems to be a major problem for businesses, and a key metric showing the rising threat of cyber-criminal groups, the researchers hint. On average, a threat actor would dwell more than two months in a corporate network before being spotted (usually by escalating the breach).
The mean number of outages a business faces is roughly 22 per year, which equates to almost one incident every two weeks.
Cyberattacks, the researchers further explain, is an “existential threat”. The downtime costs, on average, 2.7% of the annual revenue, and almost two in five (39%) of respondents said the incidents directly harmed their competitive position. Also, a third (31%) said these events reduced shareholder value.
To tackle the problem of cybercriminals, businesses are doing a number of things. The most obvious one is to boost budgets. Almost all (95%) said they expect their cybersecurity budgets to rise over the next two years, with more than half (56%) saying the budget increases were “significant”. Four in five (81%) believe they stand better chances of defending by converging aspects of their security and IT operations together. Finally, 95% said they increased their focus on third-party risk assessment, understanding the risk posed by supply chain attacks.
“In the organizations we’ve worked with, resilience has been strongest with a collaborative approach in everything, from software development and infrastructure monitoring to business continuity planning,” said Ryan Kovar, Distinguished Security Strategist for Splunk and Leader of SURGe.
“This approach brings everyone to the table, including security leaders with IT and business leaders, so they all can focus on protecting the organization.”