A survey of 800 data security decision-makers across 11 countries from enterprises with 5,000 or more employees has disclosed a series of alarming results.

The Harris Poll survey uncovered multiple reasons why achieving cyber resilience is difficult. Heading the list, organisations struggle with performance and capability gaps in the detection, response and recovery level essential for addressing immediate and future attacks and breaches.

This research revealed that cyber attacks are increasing (up 15% from 2019 pre-pandemic levels). It came as no surprise that around three out of four (74%) organisations have increased their cyber security budgets and are re-evaluating their cyber security strategies (78%).

Even with increased investment, most businesses (87%) have fallen victim to successful cyber attacks in the past three years that resulted in damage, disruption, or a breach to their businesses.

Despite their efforts, around two-thirds (67%) say more successful cyberattacks have impacted their organisation since the start of the pandemic. In 2020 alone, on average, one in seven (14%) attacks were successful, resulting in a breach, damage, or operational disruption.

Security decision-makers expect this number to climb as their attack surfaces expand alongside the unprecedented scale of digital transformation projects. Yet, even with this increasingly dangerous threat landscape, only 44 per cent have identified incident response best practices they can employ when attacked.

Cyber incidents are taking a financial toll on nearly all organisations, with losses from targeted cyberattacks, malware campaigns, phishing, insider threats and associated data breaches running well into the hundreds of thousands of dollars per organisation.

Nearly three in 10 (28%) businesses globally reported losses of $500,000 or more in 2020, up roughly two-fold (193%) from 2019 and nearly half (47%) reported losses of $100,000 or more. In addition to significant losses, the attacks themselves are increasing at an astounding rate.

In addition to factors such as the rapid pace of digital transformation and rising attacks, many Enterprise Security Decision Makers cited a lack of integrated cyber security solutions as a barrier to detecting, responding to, and recovering from cyberattacks and data breaches.

Many respondents say their organisations have started using, or are planning to invest in, recent technology innovations associated with Extended Detection and Response (XDR) and Advanced Threat Intelligence to counterbalance obstacles.

What is clear is that there is an appetite for cyber security solutions that are well supported (48%), easy to use (46%), and better integrated into existing frameworks and architectures (44%), with more than four in 10 decision-makers considering these attributes to be essential.

The most progressive data security vendors are focused on helping customers gain an advantage over the world's most advanced threat actors. They have introduced innovations built on top of global intelligence capabilities that have advanced from simply showing who adversaries are to enabling organisations to stop them before they have a chance to disrupt business.

Poll analysis

Anomali's threat research team analysed The Harris Poll findings to provide insights on what they mean and suggested actionable guidance on overcoming obstacles standing in the way of cyber resilience.

Because COVID-19 has had such a profound impact on business and cyber security, we queried decision-makers to understand their cyber security postures and challenges going back to 2019.

Among the top takeaways is that even with significant investments made in cyber security over this period, many organisations still face obstacles to achieving the level of cyber resilience needed to protect against, detect, and respond to attackers. This finding may not surprise most, given the increased attention that the news and social media give to data breaches and cyberattacks.

However, we were unaware of what level global enterprises as a whole are being impacted. The new research reveals that 87% of enterprise security decision-makers were the victims of successful cyberattacks perpetrated against them in the past three years that resulted in damage, disruption, or a breach of their business.

The findings also put some concrete numbers around just how much the threat has changed in terms of the actual increase in the number of cyberattacks since the pandemic began. Findings showed that 83 per cent of enterprise security decision-makers had experienced more attempted attacks that included an increase in phishing and the use of COVID-19 as a lure.

The findings did not equate to all bad news. We were encouraged to learn that many organisations are devoting more resources to cyber security and adopting innovative technologies to become more resilient in the face of escalating attacks.

Many enterprise security decision-makers said their organisations are currently using, or are planning to invest in, recent innovations associated with extended detection and response (XDR), advanced threat intelligence, and the MITRE ATT-CK framework.

It is also reassuring that many organisations prioritise investments in effective security outcomes. For example, when evaluating new cybersecurity technologies, security decision-makers said the top attribute they consider essential is whether it has a high level of support available to users. Ease of use and the ability to integrate with other cybersecurity systems and functions across other parts of the organisation were also high priorities.

Article by Anomali APAC senior vice president and general manager, Stree Naidu.