One in three IT security managers don’t have a formal cybersecurity incident response plan

Regardless of industry, information security incidents have become more of a targeted threat for businesses, increasing in amount and efficacy, according to the 2021 Data Security Report from GetApp.

Of all the security incidents identified by over 900 surveyed employees at U.S. businesses, the three most threatening incidents were: increasingly severe ransomware attacks, more effective phishing schemes, and rampant reusing of passwords.

• Respondents reported phishing emails have nearly tripled in effectiveness over the past two years. Phishing emails are rapidly becoming more difficult to spot and thus far more destructive.
• Over the past year, ransomware attacks have increased by 25%. Ransom demands were significantly higher than average for businesses in specific industries, such as banking and financial services and construction, with higher payouts.
• The report found that password reuse is strongly associated with higher incidences of security breaches. Reported account takeovers were three times as common among people who reuse passwords as those who don’t.

“Data security threats are becoming more targeted to individual victims, whether that’s a phishing scheme aimed at a specific person or ransomware attacks on a particular company,” said Zach Capers, senior analyst at GetApp. “Companies must redouble security training efforts and fortify their networks to protect against today’s increasingly sophisticated cybercriminals.”

Alarmingly, 23% of the IT security managers surveyed say their company doesn’t have protocols in place to report a suspected cyberattack and 33% don’t have a formal cybersecurity incident response plan.