Weighing up the state of cyber security in 2021

The message is clear... the damage from attacks is widespread and organisations are increasing security budgets to fend off further impact.

Any lingering indifference to cyber security risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.

Unsurprisingly, half of those surveyed said they had seen an increase in security incidents at their organisations over the past year. What stands out is the extent of the harm: Nearly half of those attacked reported seeing economic damage, a loss of productivity, and theft of PII (personally identifiable information). No less than 28 per cent said intellectual property had been stolen.

Most shocking of all: 15 per cent of respondents who had been attacked experienced a full shutdown of their business and 12 per cent admitted to suffering “massive” economic impact.

The survey also found that 60 per cent of organisations in the utilities sector endured economic damage from a cyber attack, the highest of any industry segment. Utilities and energy companies were also most likely to report intellectual property theft, at 43 per cent. Wholesale and retail companies were most likely to report loss of PII, at 58 per cent.

The global nature of the survey offered additional insight. Organisations based in the U.S. and Canada were the most likely to report an increase in incidents (53 per cent), followed by the Asia-Pacific region (50 per cent), Europe and Middle East (48 per cent), Latin America, and Africa (each at 42 per cent).

No matter where they reside, though, the survey’s respondents believed there’s no let-up in sight. For example, a full 62 per cent of respondents anticipated that a financially driven attack on their organisation, such as ransomware, will occur over the next 12 months.

So how do organisations plan to respond? To begin with, by spending more: 71 per cent of businesses expect to increase their security budget this year. The top spending priority was, naturally, “attack prevention,” at 43 per cent.

Cloud security came in second at 36 per cent, with data privacy and network security tied for third at 35 per cent. Companies in financial services, transportation, and technology were most likely to report an increase of more than 10 per cent in their IT security budget in 2021.

The most disappointing part of the survey involved security awareness. Only half of respondents said that mandatory IT security training or awareness programs had been in place for all users “for some time now,” with an additional 20 per cent saying that initiative had just been introduced. Despite variations in the efficacy of such programs, they’re an absolutely essential part of modern cyber security defences.

Nonetheless, as The State of Cybersecurity in 2021 reveals, for the most part organisations appear to be doubling down on their defences. They have no choice given the damage that has already been wrought.

Cyber security is not a battle that can be won, just fought continually, and around the globe there’s an acute understanding of the monumental risk should organisations fail to commit the necessary resources to the fight.