After being breached once, many companies are likely to be hit again
Cymulate announced the results of a survey, revealing that two-thirds of companies who have been hit by cybercrime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year.
Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government, also highlighted larger companies hit by cybercrime are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.
- 40% of respondents admitted to being breached over the past 12 months.
- After being breached once, statistics showed they were more likely to be hit again than not (66%).
- Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.
- Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).
- 22% of companies publicly disclosed cyberattacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyberattack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.
- 29% of attacks come from insider threats – intentionally or unintentionally.
- Leadership and cybersecurity teams who meet regularly to discuss risk reduction are more cybersecurity-ready – those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.
“Surprisingly, the survey shows that victims of attacks do not double down on their defenses once they have been hit and they are largely seen by hackers as easy, lucrative prey”, said Eyal Wachsman, CEO of Cymulate.
“However, it’s great to see businesses are showing progress in other areas. Increased awareness and understanding of cyber risk at the boardroom level is making a substantial impact as the results illustrate that companies who are more proactive on this front incur less breaches. Another positive note is that larger corporations who have suffered breaches are recovering quicker and experiencing less damage from a business perspective, indicating that they have enhanced their capabilities to mitigate attacks and prevent damage.”