While 2023 may be a tough year from a macroeconomic perspective and result in tighter budgets, cybersecurity continues to be top of mind for organizations amid rising cyberattacks and exploding volumes of data. In fact, research from the Enterprise Strategy Group indicates that 65% of organizations plan to increase cybersecurity spending this year.
Despite the growing focus on cybersecurity, now is not the time to take the foot off the gas pedal. There are several reasons why organizations must prioritize cybersecurity, especially in today’s economic climate.
First, many companies believe they will not be affected by potential cyber threats due to their size, industry or location. As global cyberattacks continue to rise, all organizations must understand the importance of cybersecurity protection. An easy and relatively inexpensive way for businesses to defend against potential threats is to reduce their attack surface, in particular by reducing data that is redundant, obsolete or trivial (ROT). This should include a comprehensive review and inventory of data repositories.
Organizations also need to realize that cyber threats are constantly evolving, which is why cybersecurity must be viewed as an always-on company priority. The involvement of executive management is critical here as well; recent research from Mandiant indicates that 67% of businesses believe their senior leadership team underestimates the cyber threat to their organization.
From damaged brand reputation to the potential exposure of sensitive data, ransomware attacks are costly for any organization. But one of ransomware’s most immediate—and business-critical—impacts is extended downtime. Businesses experience an average downtime of 21 days due to a ransomware attack (pg. 7), and it can take even longer to fully recover. Meanwhile, cyberattackers made roughly $456.8 million in ransomware profits in 2022. This is about a 40% decrease from 2021, as ransom pay rates have dropped over the past couple of years.
In the current economic environment, organizations simply do not have the time or money to spare when it comes to disruptions in business operations. For example, one health system recently reported that it lost at least $150 million from an October 2022 ransomware attack, including costs associated with business disruption.
And cyberattackers are increasingly targeting industrial and critical infrastructure companies, as evidenced by the recent attack on U.K. postal agency Royal Mail. Organizations can take several proactive steps to defend themselves against ransomware that will help to avoid costs later on, such as developing a comprehensive incident response plan, performing ongoing cybersecurity awareness training and educating executives on ransomware’s negative impacts.
The hybrid work environment and record employee turnover have made insider threats a significant risk to organizations today. According to a report by the Ponemon Institute, insider threats increased by 44% between 2020 and 2022. While not all insider threats are considered malicious, they can be extremely detrimental. The Ponemon Institute report also found that the total average annual cost for an insider threat was $15.4 million, and it took organizations an average of 85 days to contain an incident. With layoffs at an all-time high, especially in the tech industry, it’s not hard to imagine that those numbers will only increase in 2023.
The good news is that businesses can reduce insider risks, most notably by centralizing their data views to know who is accessing what material and how often. This can allow businesses to identify typical user behaviors as well as behavior that could indicate potentially dangerous conduct. Businesses should also limit users’ access to files that contain sensitive information.
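The following added example (not part of the original article) shows one way to turn a centralized access log into the baseline check described above: it learns each user's typical daily access volume and file set, then flags a volume spike or a first-time access to sensitive data. The event format, user names, paths, sensitive prefixes and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed labels for repositories that hold sensitive information.
SENSITIVE_PREFIXES = ("/finance/", "/hr/")

def build_events():
    """Constructed sample log: (day, user, path) tuples from a central data view."""
    events = []
    for day in range(1, 6):                       # five days of normal activity
        for i in range(10 + day % 2):             # alice reads 10-11 project files a day
            events.append((day, "alice", f"/projects/doc{i}.txt"))
        for i in range(4):                        # bob reads the same 4 finance reports
            events.append((day, "bob", f"/finance/report{i}.xlsx"))
    for i in range(60):                           # day 6: alice reads far more than usual
        events.append((6, "alice", f"/projects/doc{i}.txt"))
    events.append((6, "alice", "/hr/salaries.xlsx"))  # and touches HR data for the first time
    for i in range(4):
        events.append((6, "bob", f"/finance/report{i}.xlsx"))
    return events

def find_anomalies(events, review_day, z_threshold=3.0, min_days=3):
    counts = defaultdict(lambda: defaultdict(int))  # user -> day -> access count
    history = defaultdict(set)                      # user -> paths seen before review_day
    today = defaultdict(set)                        # user -> paths seen on review_day
    for day, user, path in events:
        if day > review_day:
            continue                                # ignore events after the day under review
        counts[user][day] += 1
        (today if day == review_day else history)[user].add(path)
    findings = []
    for user in sorted(today):
        # Baseline uses only days on which the user was active.
        baseline = [n for d, n in counts[user].items() if d < review_day]
        if len(baseline) < min_days:                # too little history to judge volume
            findings.append((user, "no-baseline", len(today[user])))
            continue
        mu, sigma = mean(baseline), pstdev(baseline)
        n = counts[user][review_day]
        # Floor sigma at 1 so a perfectly regular user is not flagged for one extra read.
        if n > mu + z_threshold * max(sigma, 1.0):
            findings.append((user, "volume-spike", n))
        for path in sorted(today[user] - history[user]):
            if path.startswith(SENSITIVE_PREFIXES):
                findings.append((user, "new-sensitive-access", path))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(build_events(), review_day=6):
        print(finding)
```

Users with too little history are reported as `no-baseline` rather than silently passed, which matters when turnover brings many new or departing accounts.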
It’s important to note that with this greater attention on cybersecurity, there will also be an enhanced focus on vendors. Buyers will demand more functionality and transparency as they look to automate tasks and understand the total cost of ownership. Therefore, it is imperative that vendors continue to evolve to meet users’ needs. This will ultimately help organizations to better navigate the rapidly changing threat landscape.