Content, Content

Organizations Still Not Adequately Prepared for Cyber Despite Rise in Global Awareness

Cybercrime, piracy and data theft. Network security breach. Compromised computer showing skull and bones symbol. Digital 3D rendering concept.

Organizations are still not addressing cybersecurity issues adequately enough despite high awareness of the risks of attacks, a new study said.

For example, in a study of 2,700 executives and IT security professionals in 17 countries, 20 percent of the U.S. respondents said their organizations had been hit by a ransomware attack but 40 percent had no plans to up their cybersecurity defense spending, according to Thales, a Paris, France-based security provider, in newly released research. Moreover, in the U.S. slightly more than half (52%) of organizations have a formal ransomware response plan in place while worldwide less than half (48%) have that level of preparedness.

Thales’ researchers categorized the study’s results by data exposure, cloud adoption and future threats. Here are some of the key U.S. findings:

  • 24% of U.S. respondents said they have paid or would pay a ransom for their data.
  • Malware was the leading source of attacks (53%), followed by ransomware (49%) and phishing/whaling attacks (42%).
  • Of those IT respondents globally who were attacked, 55% say their internal operations were impacted, including 19% who said they were significantly affected and required remediation.

Here are some global highlights:

  • Financial loss, such as lost sales and legal expenses, has been or would be the greatest impact from a ransomware attack, according to 23%. Others include lost productivity (19%), recovery costs (18%), data exfiltration (16%), brand reputation (11%) and customer loss (7%).
  • 22% of respondents worldwide said they have paid or would pay a ransom for their data.
  • 41% of respondents worldwide say they have no plans to change security spending.
  • 28% have added additional budget for ransomware tools.

Here are some of the study’s findings on data visibility.

  • 34% of IT leaders in the U.S. said they are very confident about where their data is being stored, down 3% from the prior year’s study.
  • Only 16% said they have complete knowledge of where it is stored.
  • 43% of U.S. IT leaders failed a compliance audit in the past 12 months.

Here are some of the study’s findings on cloud adoption:

  • 40% of U.S. respondents use more than 50 software-as-a-service (SaaS) applications, including 21% who use more than 100 apps.
  • 51% of U.S. IT leaders said it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organization.
  • 33% of U.S. respondents said that roughly half of their workloads and data reside in external cloud. 29% report more than 60%.
  • 42% of U.S. respondents say they are slightly or not at all confident that their current security systems can effectively secure remote work.

And, some data on what's to come:

  • 24% in the U.S. said broad cloud security tool sets are the greatest future spending priority.
  • 34% in the U.S. said they expect to prioritize spending on key management in the future, with Zero Trust an important strategy for 32%.
  • On security threats from quantum computing, 57% in the U.S. are concerned with risk of network decryption, followed by key distribution (53%) and future decryption of today’s data (52%).
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.