Netwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last 12 MonthsNetwrix Annual Security Survey: 68% of Organizations Experienced a Cyberattack Within the Last 12 Months
The most common consequences were unplanned expenses, loss of competitive edge, and decreased sales.
April 18, 2023
FRISCO, Texas, April 18, 2023 – Netwrix, a cybersecurity vendor that makes data security easy, today announced the release of its annual global 2023 Hybrid Security Trends Report. It reveals that 68% of organizations experienced a known cyberattack within the last 12 months. Nearly 1 in 6 (16%) of those organizations estimated the financial damage to be at least $50,000. What’s more, 40% of the breached organizations incurred unplanned expenses and 10% suffered other serious consequences, such as loss of competitive edge, decreased sales or customer churn.
To mitigate the risk of financial loss from data breach, organizations often opt to purchase cyber insurance. Indeed, the study found that 44% of organizations are insured and 15% plan to purchase a policy within the next 12 months. Nearly 1 in 4 (22%) of the organizations with a policy had to improve their security posture to even be eligible for the policy.
“While cyber insurance has value, it’s vital to remember that it is no substitute for a strong security posture. After all, while an insurance payout can defray the financial impact of a security incident, no policy can restore an organization’s data, operations or reputation,” says Dirk Schrader, VP of Security Research at Netwrix.
The survey also reveals that on-premises infrastructures suffer more cyberattacks than the cloud. The starkest difference was for ransomware and other malware attacks, which were reported by nearly twice as many respondents for on-premises environments (37%) as for the cloud (19%).
“On-prem environments are more vulnerable to attacks than software-as-a-service (SaaS) systems because they often have sprawling privileges on the infrastructure level. For example, users might have administrative rights on their computers and service accounts often have elevated rights. Malicious actors can abuse these standing privileges to spread malware quickly across on-premises systems,” says Dmitry Sotnikov, VP of Product Management at Netwrix.
Other survey findings include:
81% of organizations now use at least one cloud environment and more than a third (37%) of the remainder plan to adopt cloud technologies within 12 months.
Phishing is the most common attack vector: 73% of respondents suffered this type of cyberattack on premises and 58% experienced it in the cloud.
Account compromise attacks in the cloud continue to intensify, with 39% of respondents reporting it in 2023 compared to 31% in 2022 and just 16% in 2020.
Risk associated with an organization’s own employees was the top data security concern, cited by 58% of respondents.
The three main IT priorities for 2023 have remained the same since 2019: data security, network security and cybersecurity training.
“Understaffing of IT teams is the biggest challenge to ensuring data security, cited by half of respondents. Therefore, it is crucial to build a security architecture that reduces the workload for IT and security pros. Automating routine tasks, choosing mature security products that produce fewer false positive alerts, and relying on a select group of trusted vendors that have an extensive portfolio and a unified support team can help mitigate the shortage of security personnel,” says Dmitry Sotnikov.
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity, and infrastructure.
For more information, visit www.netwrix.com.
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023