
Phishing, Spear Phishing, Ransomware Are Top Threats As Volume Of Cyber Attacks Rises

Businesses continue proactive cyber resilience measures as cyber attacks become increasingly prevalent.


There’s been a recent uptick in cyber disruption levels and cyber attacks, as reported by The BCI in the BCI Update Series: Cyber Resilience Report 2024. This has resulted in increasing cyber resilience arrangements from organizations, and new changes and trends in the sector.

Increase In Volume And Methods Of Cyber Attack

Cyber threats have increased in severity over the past year, with 75% of respondents reporting a rise in attempted breaches. Additionally, 39.4% fell victim to a successful cyber attack. Traditional phishing, particularly credential harvesting, continues to thrive due to widespread digitalization and the availability of Artificial Intelligence (AI) tools. In total, 61.3% of respondents said their organizations suffered a cyber incident as a result of phishing or spear phishing. This highlights the continued popularity and effectiveness of this method of attack.

Despite this trend, ransomware is identified as the top threat for over 90% of organizations over the next five years. Its position at the top of the table is due to the increasing complexity of ransomware attacks. These attacks often use sophisticated social engineering attempts on senior management. Such ambushes have the potential to wreak financial havoc on organizations, as well as delivering severe reputational harm. Additional identified threats for the next five years include lack of staff awareness, reputational damage, AI, and state-sponsored cyber attacks.

Positive Rise In Proactive Measures

Over the last year, nearly half of organizations have successfully thwarted cyber attacks through their preparedness and fast response. This has occurred despite growing sophistication and increasing attack volumes. A positive move is the increased uptake of controls to manage cyber security risk. A majority (93%) of organizations have taken measures to manage cyber risks, marking a rise from 89.9% in 2023. In addition, there has been a significant improvement on previous years’ cyber attack response times. Now, 73% of respondents are capable of orchestrating a response within an hour, with 14% doing so instantaneously.

Overall, despite challenges in technology access across regions, advancements in detection and response capabilities, plus robust awareness and training programs, have enhanced cyber resilience.

Developing Organizational Responses

In response to the reported increasing severity and the sophistication of cyber attacks, 65.9% of respondents reported a high level of commitment from top management to cyber risk, indicating a growing recognition of cybersecurity’s critical importance at the highest organizational levels, as well as the potential for business-changing financial and reputational impacts. However, there remains a need for ongoing education and awareness efforts to ensure comprehensive understanding of cybersecurity complexities among top managers. 

Perhaps due to the recognition of severe financial loss that could be caused by an attack, organizations are increasingly leveraging cyber insurance to provide a financial safety net. While less than half of respondents reported cumulative impacts of cyber attacks under 50,000 euros, most do not account for indirect costs, such as lost customers and lost sales, when estimating the financial impact of cyber incidents.

Other Findings
  • Close to half of the respondents have implemented a comprehensive business continuity management program to address cyber incidents.
  • The main causes of cyber incidents were employees opening malicious links (56.2%), out-of-date software (30.1%), and using weak credentials (20.6%).
  • Less than three-quarters of organizations execute regular back-ups to ensure data cannot be compromised.
  • 72.7% of respondents have cybersecurity staff possessing specialist qualifications, and two-thirds (66.2%) adhere to recognized cybersecurity standards such as ISO 27001. 
  • There is consensus between professionals over the need to establish closer relationships between business continuity/resilience and IT/cyber security functions, but persistent challenges (such as organizational siloes) remain when integrating technical teams.

“This year’s update report shows just how quickly the cyber security landscape can change. We are seeing how global conflicts are now no longer confined to the battlefield and are played out in the cyber environment, while AI-technologies are not only helping to craft attacks, but are also becoming part of social engineering techniques where, for example, deepfake technology can help make an attack appear credible,” said Rachael Elliott, Knowledge Strategist at BCI. “As attackers become more skilled and attack vectors advance, it is concerning that less than two-thirds of those surveyed report their organization carries out regular training and exercising to ensure staff are cyber aware. Training should not only be frequent, but programs should continually evolve so they capture new types of attack and the evolving vectors that criminals are developing.”
