Worried about job security, cyber teams hide security incidents

The frequency and severity of cyberattacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever.

The research reveals that 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs – a disclosure that signifies a serious underreporting of cyber breaches globally.

This trend also leaves businesses at risk of being non-compliant with emerging industry regulations, as well as vulnerable to rising attacks, reported in the survey to have both increased in frequency for 49% of companies and severity for 43% in the past 12 months.

Companies are confident in their ability to detect cyberattacks

The data – gathered from a quantitative survey of nearly 170 cybersecurity professionals at the c-suite, VP, director, and manager level in the United States, United Kingdom, and Ireland – shows 96% of companies are confident in their ability to detect and respond to cyberattacks in real time.

Yet, the same companies also acknowledge that they are unprepared for today’s most pressing cyber risks, including ransomware attacks against a critical third party (48%), phishing attacks (40%), DNS attacks (33%), and ransomware attacks against their business (32%).

“Cyber teams are facing major challenges such as the growing talent shortage, new attack methods, and the advancing sophistication of cybercriminals,” said Kevin Pierce, CPO at VikingCloud. “Although many leaders report confidence in their defensive capabilities, it’s clear this false sense of security is leaving many businesses vulnerable. Teams are trying to do more with less while cybercriminals continue to stay one step ahead. Without understanding their actual risk status and investing in the right technology, people, and expert partners, companies will become even more susceptible to the latest attack methods.”

A rising skills gap between cyber teams and criminals

53% reveal emerging AI attack methods are creating new attack points for which they are unprepared. The most worrying AI threats include GenAI model prompt hacking (46%), Large Language Model (LLM) data poisoning (38%), Ransomware as a Service (37%), GenAI processing chip attacks (26%), Application Programming Interface (API) breaches (24%), and GenAI phishing (23%).

55% of companies believe cybercriminals are more advanced than their internal team. 35% reported the technology cybercriminals use is more sophisticated than the tech to which their team has access. Despite that, a third of companies still have not trained their team on GenAI-related cyber risks.

Only 10% of companies have increased cyber hiring in the past 12 months, and nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyberattacks. 35% of companies don’t have enough budget to invest in new tech and 32% don’t have enough budget to hire more staff.

Cyber alert fatigue is straining cyberattack response times

33% of companies were late to respond to cyberattacks because they were dealing with a false positive, and 63% spend more than 208 hours per year managing false positives.

Overall, 68% of cyber teams surveyed could not currently meet The Securities and Exchange Commission’s four-day disclosure requirement and cyber industry benchmark based on the average amount of time they estimate it would take to respond to a new, serious attack.

Technology has the potential to be an equalizer for cyber teams. 63% of companies are looking to implement new tech that can help alleviate the impacts of the cyber talent shortage. 41% say GenAI has the most potential to address cyber alert fatigue. Yet only 5% of companies allocated additional budget to their cyber programs in the past year to address these ongoing challenges.

“There are two ways cyber leaders can look at advanced technology like GenAI – as a threat or as a weapon. The reality is that it’s both, which makes it essential for businesses to aggressively implement the right solutions to arm their teams and beat cybercriminals at their own game,” Pierce said.