Other findings: Medium companies suffer more business-impacting damage and for longer periods than larger companies.
78% of companies affected don't publicly report their breaches.
New York, and Tel Aviv, (June 15th, 2022) - Cymulate, the Extended Security Posture Management market leader, announced today the results of a survey, revealing that two-thirds of companies who have been hit by cyber-crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year. Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance, and government, also highlighted larger companies are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-sized businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.
Other highlights include:
- 40% of respondents admitted to being breached over the past 12 months.
- After being breached once, statistics showed they were more likely to be hit again than not (66%).
- Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.
- Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).
- 22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyberattack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.
- 29% of attacks come from insider threats - intentionally or unintentionally.
- Leadership and cybersecurity teams who meet regularly to discuss risk reduction are more cybersecurity-ready - those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.
“Surprisingly, the survey shows that victims of attacks do not double down on their defenses once they have been hit and they are largely seen by hackers as easy, lucrative prey”, said Eyal Wachsman, CEO and Co-Founder of Cymulate. “However, it’s great to see businesses are showing progress in other areas. Increased awareness and understanding of cyber risk at the boardroom level is making a substantial impact as the results illustrate that companies who are more proactive on this front incur less breaches. Another positive note is that larger corporations who have suffered breaches are recovering quicker and experiencing less damage from a business perspective, indicating that they have enhanced their capabilities to mitigate attacks and prevent damage.”
To access the full report, see here
Cymulate SaaS-based Extended Security Posture Management (XSPM) deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end, across the MITRE ATT&CK® framework. The platform provides out-of-the-box, expert and threat intelligence led risk assessments that are simple to deploy and use for all maturity levels, and are constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. Cymulate allows professionals to manage, know and control their dynamic environment.
Contact for Cymulate:
Levona Simha, VP Marketing at Cymulate
IL: +(972) 523 536638
Media contact for Cymulate:
US: +1(707) 533-1504
IL: +(972) 54-649-3485