Over half of all companies worldwide cite inadequate cybersecurity budgets as a key factor underpinning a dramatic rise in global cybercrime in the first three quarters of 2023.
According to a survey of almost 2,000 cybersecurity practitioners worldwide undertaken by the Ponemon Institute and commissioned by cybersecurity firm Barracuda: “There are a number of common factors that contribute to organizations’ exposable security postures. These include significant IT security budget shortfalls, a general lack of consistent enterprise-wide security policies and programs, ineffective (or no) incident response plans, and an inability to protect against automated security attacks criminals create using generative AI technology.”
Fifty-five percent of respondents cited inadequate IT security budgets as the chief cause of their growing vulnerability to cyber-attacks. A further 42 percent highlighted inadequate enterprise-wide security policies and programs. A lack of inventory of third parties with access to sensitive and confidential data adversely impacted 38 percent. Another key factor is a lack of support from senior leadership, with 25 percent of respondents saying that management teams fail to regard cyber-attacks as a significant risk.
Ransomware – “a global scourge”
Cybercrime is on the rise: “The Identity Theft Resource Center tracked 2,116 data compromises in the first three quarters of 2023, breaking the all-time high of 1,862 compromises in 2021.”
“Ransomware has become a global scourge,” says the report, with 71 percent of respondents saying that their organization had suffered a ransomware attack in the past year and 61 percent admitting to having paid the ransom.
Barracuda cites an example of the new breed of cyber threat. One victim, Medicaid and Medicare plan provider CareSource, is now facing multiple class-action lawsuits over a recent data breach that exposed the sensitive health information of over three million people. Although CareSource patched the flaw in just one day, the company was already too late.
The report showcasing the findings, Uncovering the Financial Forces Driving Cyber-Attacks, also breaks down the escalating costs resulting from successful cyber breaches. The average cost associated with the damage or theft of IT assets and infrastructure and subsequent technical support, including forensic investigations, incident response activities, help desk and customer service operations, is $2.98 million. Coupled with this, the average cost of the disruption to normal operations, including revenue losses, because of system downtime or other availability problems is $2.36 million. The total average annual response cost is, therefore, US$5.34 million.