Yet Survey Results Point to Unusual Optimism About 2023 Among IT Security Professionals

Double, Triple and Quadruple Ransomware Threats Are Common

Long gone are the days when ransomware victims had to contend with encrypted data alone. Last year, according to the survey, 78% of ransomware victims faced the consequences of one, two or three additional threats unless they paid the ransom. Additional threats include launching distributed denial of service (DDoS) attacks (42%), notifying customers or the media of the data breach (42%), and publicly releasing exfiltrated data (40%).

But We May Have Turned a Corner

Despite experiencing record-setting ransomware attacks last year, security professionals appear to be uncharacteristically optimistic about 2023. The percentage of survey respondents who believe it’s more likely than not that their employers will be victimized by a successful cyberattack of some kind in the coming year declined for the first time in six years, from 76% to 72%. In addition, their overall concern about cyberthreats ticked down. One factor contributing to the improving sentiment: the percentage of organizations experiencing at least one successful attack in 2022 (85%) declined for the second consecutive year.

“Security professionals rarely hear good news when it comes to cyberthreat statistics,” says Steve Piper, founder and CEO of CyberEdge Group. “Although successful ransomware attacks are up, the percentage of organizations victimized by all classes of cyberthreats fell for the second straight year – the first multi-year decline in CDR history. Overall concern for cyberthreats ticked down for the first time since the start of the pandemic, concern for web and mobile attacks is down, concern for cloud security challenges is down, and security professionals are starting to feel more optimistic. With increased adoption of modern cybersecurity defenses, the industry may finally have turned the tide against our cyber adversaries.”

Additional Key Findings

CyberEdge Group’s award-winning CDR is the standard for assessing organizations’ security posture, gauging the perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions. The 2023 CDR yielded dozens of additional insights, including:
- Board engagement. At nearly all companies with a board of directors (97%), information security leaders engage board members directly. More than half (51%) provide monthly, quarterly, or annual cyber risk assessment reports to the board.
- Hottest security tech for 2023. The CDR tracks current and planned investments by security organizations across four technology categories. Among the most sought-after security technologies in 2023 are next-generation firewalls (network security category), deception technology (endpoint security category), bot management (application and data security category), and full packet capture and analysis (security management and operations category).
- This year’s weakest links. Industrial control systems (ICS), Internet of Things (IoT) devices, and mobile devices top this year’s list of the IT components that respondents indicated are most challenging to secure.
- Feeling short-handed. Seven in eight organizations (87%) are experiencing a shortfall of security talent, with IT security administrators in greatest demand. Security professionals cite “lack of skilled personnel” as the top inhibitor to defending against cyberthreats.
- Professional certification: it’s not about the Benjamins. Security professionals who have earned one or more IT security professional certifications cite “expanded knowledge” as the primary benefit of their credentials. “Increased compensation” is at the bottom of the list.
- Embracing emerging tech. The vast majority of organizations are adopting emerging security technologies such as zero trust network architectures (ZTNA; 92%), extended detection and response (XDR; 93%), and secure access service edge (SASE; 93%).
- Increased security spending. The average information security budget went up by 5.3% in 2023, a new CDR record.
- Platinum sponsors: (ISC)2, Arkose Labs, Fortra, Human, Imperva, and Menlo Security
- Gold sponsors: Delinea, LookingGlass, Netskope, Netsurion, SailPoint, and ZeroFox
- Silver sponsors: HackerOne, Netwrix, OffSec, Phosphorus, Picus Security, and Valence Security



