Nearly 80% of ransomware victims faced up to three additional threats unless they paid the ransom during 2022, according to a new report from CyberEdge Group, a research and marketing firm.
Among those threats included distributed denial of service (DDoS) attacks (42%), notifying customers or the media of the data breach (42%), and publicly releasing exfiltrated data (40%).
Cyberattack Expectations for 2023
However, 2023 could be different, according to data from CyberEdge’s newly released, 10th annual Cyberthreat Defense Report. According to the findings from a survey of 1,200 IT security decision makers and practitioners worldwide, the percentage of survey respondents who believe it’s more likely than not that their employers will be victimized by a successful cyberattack this year declined for the first time in six years, dropping from 76% to 72%.
In addition, their overall concern about cyber threats ticked down with the percentage of organizations experiencing at least one successful attack in 2022 (85%) declined for the second consecutive year.
Commenting on the survey results: Steve Piper, CyberEdge founder and chief executive, said:
“Security professionals rarely hear good news when it comes to cyberthreat statistics. Overall concern for cyber threats ticked down for the first time since the start of the pandemic, concern for web and mobile attacks is down, concern for cloud security challenges is down, and security professionals are starting to feel more optimistic. With increased adoption of modern cybersecurity defenses, the industry may finally have turned the tide against our cyber adversaries.”
More Key Findings
Here are some additional key findings from the study:
- Among the most sought-after security technologies in 2023 are next-generation firewalls, deception technology, bot management, and full packet capture and analysis.
- Industrial control systems (ICS), internet of things (IoT) devices and mobile devices top this year’s list of the IT components that respondents indicated are most challenging to secure.
- 87% or organizations are experiencing a shortfall of security talent, with IT security administrators in greatest demand.
- Security professionals who have earned one or more IT security professional certifications cite “expanded knowledge” as the primary benefit of their credentials. “Increased compensation” is at the bottom of the list.
- 92% of organizations are adopting emerging security technologies such as zero trust network architectures (ZTNA;), eXtended detection and response (93%), and secure access service edge (93%).
- The average information security budget went up by 5.3% in 2023, a new record in the study.