IT and security leaders must address an average of one cyberattack per week, according to a new study, “The State of Data Security,” by Rubrik Zero Labs, the cybersecurity research division of Rubrik.
Rubrik, a specialist in zero trust data security, commissioned Wakefield Research for the study, gathering insights from more than 1,600 security and IT leaders. The research was conducted in the U.S., U.K., France, Germany, Italy, Japan, Australia, Singapore and India between during July 2022, the company said in a prepared statement.
Key Findings of the Study
Rubrik states that the following findings exposed rising security risks, resulting in widespread damage to organizations and their IT and security teams.
Cyberattacks continue to surge in volume and impact:
- Nearly every leader surveyed experienced a cyberattack over the past year, and on average faced 47 attacks in that timeframe, or nearly one cyberattack per week.
- 52% reported a data breach and 51% reported facing a ransomware attack in the past year.
- Only 5% of organizations were able to return to business continuity or normal operations within one hour of discovering a cyberattack.
- 48% of IT and security leaders reported to be concerned about data breaches (25%) or ransomware events (23%) as the top threat for the year ahead.
Organizations are losing confidence in their ability to withstand attacks:
- 92% of respondents are concerned they will be unable to maintain business continuity if they experience a cyberattack.
- One third believe their board has little to no confidence in their organization’s ability to recover critical data and business applications after a cyberattack.
- 76% of survey respondents reported their organization is likely to consider paying a ransom following a cyberattack.
- 11% of IT and security leaders said they had not adequately addressed vulnerabilities from previous cyber events.
The weight of cybercrime is taking a toll:
- 96% of respondents reported experiencing significant emotional or psychological consequences following a cyberattack, ranging from worries over job security (43%) to loss of trust among colleagues (37%).
- Approximately one third of respondents reported leadership changes as a result of a cyberattack.
- Approximately one third of leaders surveyed said their IT and SecOps teams were either somewhat or not at all aligned when it came to defending their organizations.
Good News, Bad News
Steven Stone, head of Rubrik Zero Labs, explained that the research clearly shows that cyberattacks continue to produce large impacts against global organizations and the effects are compounding:
“In addition to this rise in frequency and impacts of cyber events, the individuals on the front lines are taking a psychological hit on their wellbeing. Trust is down and anxiety is up. Without a proactive and reliable approach to defend against modern cyberthreats and strengthen confidence in an organization’s ability to resolve these cyber events, these impacts — both human and organizational — will continue to worsen and feed each other. The good news is we’re also seeing pragmatic, proven strategies in this same space paying off and we can build off these approaches.”
Commenting on the report on behalf of Rubrik, Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), stated:
“We often overlook the psychological dimension of cyberattacks and the chaos that tends to follow after discovering an incident. The bad guys sure have figured it out, though, with criminals and state actors alike trying to generate emotional responses when they attack, as evidenced by the increase in criminal extortion efforts and hack and leak campaigns.
"In the end, IT and security leaders alike tend to take the blame for these cyberattacks. One of the most effective techniques I’ve seen to prepare for these types of attacks is to accept you’re going to have a bad day at some point, and your job is to ensure that it doesn’t become a ‘worse day.’
"This is why we need defenders across the spectrum to come together — sharing best practices, learnings after attacks, simulations, frameworks — so that we’re collectively strengthening our defenses and minimizing the psychological impact brought on by an attack.”