State of Security 2023 Report reveals increase in data breaches and outages

Global research shows over half of organisations have had a data breach, and 62% suffer from unplanned downtime on a monthly basis.

  • Thursday, 6th April 2023 Posted 1 year ago in by Phil Alsop

Splunk, in collaboration with Enterprise Strategy Group, has released the State of Security 2023, an annual global research report that examines the security issues facing the modern enterprise. More than 1,500 security leaders participated in the survey, revealing they’ve continued to see an increase in cyberattacks and unplanned outages. 

According to the report, over half (52%) of organisations say they have suffered a data breach in the past two years (53% in Western Europe), an increase from 49% in 2022 earlier and 39% in 2021. In addition, 62% (68% in Western Europe) of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54% in 2022.

Key findings from the report include: 

Bad actors are going unnoticed on corporate networks for extended periods of time. On average respondents report over two months (2.24) go by from when a bad actor gains access to when appropriate parties are aware of it.

The mean number of outages an organization faces  is ~22 per year. The costs of this downtime consumes roughly 2.7% of annual revenue. According to Splunk’s recent Resilience Pays Off global research report, this downtime can cost organizations roughly $365,000 per hour. 

Security incidents are an existential threat. Over a third (39%) of the respondents (42% in Western Europe) say cybersecurity incidents have directly harmed their competitive position. In addition, 31% (32% in Western Europe) say cybersecurity incidents have reduced shareholder value.

 

While enterprises face major cybersecurity obstacles, many organisations are taking steps to address these challenges: 

Security teams are spending more. 95% (94% in Western Europe) of the respondents say their security budgets will increase over the next two years, with 56% (60% in Western Europe) saying their budgets are increasing “significantly.” 

Cybersecurity is a team sport. 81% (68% in Western Europe) of organisations say they are converging aspects of their security and IT operations together. Respondents believe that this convergence will help with the overall visibility of risks in their environment (58%, 57% in Western Europe) and that they will see improved cooperation in threat identification and response processes (55%, 52% in Western Europe).  

Organisations focus on protecting their supply chain. 95% (94% in Western Europe) of respondents say they have increased their focus on third-party risk assessments. 

Data is the answer. 91% (92% in Western Europe) of respondents agree that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks. 

 

“In the organisations we’ve worked with, resilience has been strongest with a collaborative approach in everything, from software development and infrastructure monitoring to business continuity planning,” said Ryan Kovar, Distinguished Security Strategist for Splunk  and Leader of SURGe. “This approach brings everyone to the table, including security leaders with IT and business leaders, so they all can focus on protecting the organisation.”