79% of organisations spotted a cyberattack within the last 12 months

Over the last year, the attacks that gained momentum are account compromise in the cloud and targeted attacks on premises.

  • Wednesday, 1st May 2024 Posted 7 months ago in by Phil Alsop

Netwrix has released its annual global 2024 Hybrid Security Trends Report based on a global survey of 1,309 IT and security professionals. It reveals that 79% of organisations spotted a cyberattack within the last 12 months, up from 68% a year ago. Moreover, 45% of those organisations incurred unplanned expenses, and 1 in 5 (20%) reported losing a competitive edge due to these attacks. The share of those who faced dire consequences soared: 16% experienced a decrease in company evaluation, and 13% had to deal with lawsuits compared to only 3% a year ago.

“Growing security awareness at the executive level means a better understanding that the risks of security gaps extend far beyond downtime and data loss. As a result, more organisations are investing resources into audits to investigate the root cause of a security incident to prevent similar events in the future,” explains Ilia Sotnikov, Security Strategist at Netwrix.

1 in 6 (17%) organisations estimated their financial damage from cyber incidents to be at least $50,000. In addition, the share of those who faced no financial consequences dropped from 47% to 38% compared to last year. To mitigate the risk of financial loss from data breach, organisations often opt to purchase cyber insurance. Indeed, 62% of respondents confirmed having a cyber insurance policy or planning to purchase one within 12 months. Almost 1 in 5 (19%) insured organisations used their policy last year.

“Considering the high chances of a payout request, it's no wonder the requirements for obtaining a policy have become stricter. The survey shows that insurers are now more likely to require identity and access management as well as privileged access management,” says Dirk Schrader, VP of Security Research at Netwrix. “These solutions significantly complicate the privilege escalation for the attacker and their lateral movement. As a result, the security team has more time to spot suspicious activity and respond to the attack before any serious damage occurs.”

Other notable survey findings include:

Phishing is still the most common attack vector both on premises and in the cloud: 74% of respondents suffered this type of cyberattack

Account compromise attacks in the cloud spiked, with 55% of respondents reporting them in 2024, compared to 39% in 2023, 31% in 2022, and just 16% in 2020

Targeted attacks on premises continue to intensify: the share of those who suffered this type of attack increased by 42%, from 19% to 27%

Interest in implementing AI tools surged: this year, 28% of respondents named it among their top IT priorities compared to only 9% in 2023

“The interest in AI is surging across enterprises – both within the security department and outside. The introduction of AI tools like Copilot to assist with regular business processes raises a new scope of associated security gaps. Since Copilot relies on native access controls within Microsoft 365, it can access all data a user can. If the user has been granted inappropriate access to content, then sensitive information can quickly spiral out of control,” warns Ilia Sotnikov. “Implementing and maintaining a strict least-privilege model is a good start to address the risks associated with Copilot and similar AI-powered business tools.” 

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 1 week ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.