Cyber incidents - lack of transparency concerns

Arctic Wolf has published findings from a recent global survey of over 900 senior IT and cybersecurity decision-makers at enterprise organisations across the globe, including 300 from the UK. After a year of geopolitical and economic uncertainty, the survey data reveals executive attitudes on a wide array of cybersecurity and business issues entering 2023.

Key findings of the survey include:

Economic Uncertainty Is Having an Impact on Future Cybersecurity Investments

• 39% of UK organisations have reduced headcount in their IT or security department in the last year. Compared to a global average of 26%. Only sales and marketing and operations teams saw a higher rate (46%) of layoffs in the UK.

• Inflation is the top business concern entering 2023, with over half (59%) of UK organisations saying it is impacting their business. Over the same period last year, continued cyber attacks were the top concern among nearly two-thirds (63%) of global executives, but now is cited by only 36%.

• Just over one-in-five UK businesses (22%) aren’t planning on increasing their cybersecurity budget in 2023.

Organisations are Plagued by Lack of Transparency and Accountability Around Cyber Incidents

• UK respondents claimed that if their organisation was to experience a breach, 64% wouldn’t disclose it to their customers, and less than half (43%) would disclose it to their own executive team.

• Despite the uptick of supply-chain attacks globally in recent years, less than a third (23%) of global business leaders in the technology and telecom industry would disclose an incident to organisations they provide services to.

• Who gets the blame? 49% of UK respondents say they would place the blame for a breach on the cybersecurity or IT team, while only 6% of executive leaders in the region would take ownership themselves.

Ransomware Takes a Backseat to Cloud and Business Email Compromise (BEC) Fears

• 54% of UK IT decision-makers cited a cloud-based data breach as their top concern.

• Over half of UK enterprises (53%) surveyed admit to having experienced at least one major security event in the last year. Over a third of those companies experienced either a business email compromise (37%) or a ransomware attack (35%).

• Why the uptick in BEC attacks? In the last year, 90% of UK executives were targeted by malicious messages. Just under half (46)% of executives’ leaders in the region claim to have gotten a malicious message on a social networking site like LinkedIn, while 44% claim to have received a text message or email impersonating another executive at their company.

Russian Retaliation a Top-of-Mind Concern for Business Leaders

• 59% of UK respondents fear a cyber backlash from Russia if the Ukraine war finishes or slows.

• Just over two-in-five (43%) IT decision-makers in the UK see Russia as the greatest source of threats targeting their businesses, with China being a distant second (21%). During the same period last year, China and Russia were seen equally as dangerous by global security leaders.

• Over half of enterprises (57%) have pulled or reconsidered businesses operations in Russia and/or China due to cyber risks in the last year.

“While a turbulent economic climate will have many executive leaders taking a long hard look at their budgets over the coming year, threat actors will certainly continue to invest in developing new tactics, techniques, and procedures with the end goal of executing cyber attacks,” said Ian McShane, VP of Strategy, Arctic Wolf.

He continued, “With over half of organisations experiencing a breach in the last year, it is no longer a matter of ‘if an incident occurs,’ it’s ‘when’. To defend against ransomware, BEC, and cloud-based attacks, executives must build their security culture from the top down and ensure business-wide accountability in protecting their customers, employees, and partners.”