In a turbulent and uncertain economy, it is more important than ever to have a strong cybersecurity strategy that mitigates risks to data and the balance sheet. Ponemon Institute’s study on cybernomics, sponsored by Barracuda, reveals the potentially serious financial consequences for small-to-midmarket enterprises (SMEs) while hackers get richer.
Research reveals tactics of hackers
The purpose of this research is to understand the economic consequences when a hacker decides to target an organization. The most lucrative attacks are target-specific exploits, API attacks, and zero-day exploits of widely used software components. To get an international perspective, a total of 1,917 IT security practitioners were surveyed. The countries included are the United States, United Kingdom, France, Germany, and Australia.
As revealed in this research, on a single day when hackers decide to attack, they average 9 successful attacks. More concerning is that attacks are expected to become more profitable and frequent when hackers decide to use generative AI. Forty-eight percent of respondents familiar with this technology say it will reduce the time it takes for a hacker to exploit a vulnerability within an environment, and 50 percent of respondents say AI will increase the number of attacks a proficient hacker can launch in one day.
Budget challenges and costly security incidents
SMEs are as vulnerable to cyberattacks as the largest organizations. We asked participants in this study to estimate the average cost of security incidents, including ransomware, they experienced. The average annual cost to respond to damage or theft of IT assets and infrastructure and disruption to normal operations over the past 12 months totaled $5.33 million. Of those who had a ransomware attack and decided to pay the ransom, the cost averaged $1.38 million for one attack.
Such financial consequences can help IT security justify the need to increase budgets and invest in technologies that reduce vulnerabilities. The two primary areas of weakness, according to respondents, are the lack of visibility into the network and applications and the difficulty in securing the supply chain. Unfortunately, there is a serious IT security budget gap to deal with a worsening threat landscape. The average budget for IT is $18.2 million, and of this an average of only $5.1 million is allocated to IT security activities.
In addition to assessing what technologies are needed to reduce risks and overall cybersecurity costs, the recommendations for improving SMEs’ security posture include having consistent enterprise-wide security policies and incident response plans. Taking these steps will help prevent future security incidents and hopefully make hacking a less lucrative career choice.
Note: This was originally published at Journey Notes