Cyberattacks, Other Threats Remain Top Concern For All Industries

While ransomware continues to make headlines, it’s not the only thing threatening businesses, finds new InformationWeek report.

While ransomware continues to make headlines, it’s not the only thing threatening businesses, finds new InformationWeek report.

Cyberattacks and other threats to an organization’s ability to do business remain a top concern across all industries, according to InformationWeek’s 2023 State of Cyber Risk and Resiliency report.  While ransomware continues to make headlines, it’s not the only thing threatening businesses. When asked, 18% of respondents report cyberattacks threatened or disrupted their business, severe weather or natural disaster (15%) and internal failure or failure of an internal system (12%) were also high on the list.

“Many of the decisions that CIOs and CISOs have to make during a crisis aren’t about technology; they’re about business and risk,” said Sara Peters, Editor-in-Chief of InformationWeek. “Our survey asked respondents what types of events, including cyberattacks, caused major disruptions to their IT systems. They told us that increasing attacks by malicious actors are making it more difficult for organizations to maintain IT operations after an incident; but it’s much more complicated than that. Cyber resilience and cyber incident response plans are expanding to include supply chain breakdowns, cloud computing outages, geopolitical events, AI-related threats, death, climate change and more. Many technologies are implemented to maintain resilience, and solid backups remain the number one answer. The challenges seem insurmountable sometimes, and the fact that our readers approach cyber resilience so bravely is impressive.”

Cyber risk mitigation investments are not the bulk of budget allocations for most companies. The research shows that 39% of respondents allocate less than 10% of their annual IT budget to cybersecurity. The investment is split between defense (70%), such as technologies and talent expenditures, and rebound (30%), like business continuity, disaster recovery, data backups, cyber insurance and ransom money.

Due to strong defense and resilience strategies, more than half of respondents (51%) said their companies did not experience a significant disruption of any kind. It’s unclear what percentage of respondents may have been lucky and what percentage benefited from as end-user training (62%); identity and access management (58%); encryption (58%); endpoint detection and response (57%); and physical security controls (54%).

A strong defense strategy may not be enough to hold the attackers back and a company must rely on the strength of its rebound plan. The best way to gauge the incident response effectiveness is to test it, yet nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested with tabletop exercises or other measures. Backups top the list of tools and procedures used by respondents (69%), yet half of respondents (50%) report they include misconfigurations in their cyber resilience plans, and 43% include planning for severe weather events. Nearly half of companies (46%) reported carrying cyber liability insurance either as a standalone policy or as a rider on a larger business insurance policy. Of those with cyber insurance, 84% believe the protection is worth the expense.

Cyberattacks
Click image to enlarge.

InformationWeek surveyed 180 IT executives, management, and cybersecurity professionals with questions centered on the challenges of maintaining IT resiliency and cybersecurity. The survey asked about their cyber resiliency strategy, budget, staffing, incident response testing, cyber insurance and claims, and cyberattacks that significantly disrupted business.

Click here to read more about cybersecurity and business continuity issues from Continuity Insights.

Business Continuity, Featured, Professional Development, Safety and Security, Technology

2023 State of Cyber Risk and Resiliency, Business Disruption, Business Resiliency, Cybersecurity, InformationWeek, Natural Disasters, Professional Development, ransomware, security, severe weather

Sponsored Content
Featured Video

Webinars, Podcasts & Videos

Business Continuity Webinar

Did You Miss Our Latest Business Continuity Webinar?

It's not too late! You can still watch the “Business Continuity Exercise Planning and Facilitation Techniques To Start Now” video webinar.

facility resilience webinar

From Prevention To Action: The Role Of Facilities Management In Handling Emergencies And Maintenance

This free webinar on facility resilience will provide actionable strategies to safeguard assets, protect lives, and ensure operational continuity.

adaptive decision-making

Listen Now: Decision-Making During A Crisis

Robert C. Chandler, Ph.D, Founder and Principal of Emperiria discusses his research on adaptive decision-making in this podcast.

Receive the latest articles in your inbox

Share to...