Cyberattacks remain an ever-present danger for businesses, with only a small minority managing to avoid being affected by an incident in the past two years.
This is according to Cloudflare’s annual report on the threat landscape in Europe. In its research, the company surveyed 4,261 leaders in 13 different countries who were responsible for cybersecurity in their organization.
The majority (52%) of these respondents were in roles at large organizations, which Cloudflare defines as those with over 2,500 employees. The rest were split evenly among medium sized organizations (1,000 – 2,499 employees) and small enterprises (150 –999 employees).
Of those surveyed, 72% reported experiencing at least one cybersecurity incident in the last 24 months, with 40% suffering some sort of attack within the last year.
Medium-sized organizations were found to be the most vulnerable, with 42% reporting an incident in the last 12 months. By comparison, only 34% of small organizations suffered an incident, while for larger enterprises the figure rose to 40%.
In terms of specific industries, the worst affected businesses were IT and technology organizations, with just under half (49%) of the leaders from this vertical reporting at least one incident this year.
Transportation (46%) was the second worst affected vertical, followed by energy, utilities, and natural resources vertical (43%). At the other end of the scale, education (31%), healthcare, (28%), and gambling and esports (28%) were least affected by cyber attacks, according to the research.
Shifting trends in healthcare
Cloudflare noted the lower frequency of cyber incidents in healthcare is counterintuitive, citing the industry’s general lack of investment in cyber resilience, as well as the relative value of medical records on the dark web.
This result is also notable due to the fact that a prominent coverage of the attacks on healthcare organizations across Europe, an attack on NHS diagnostic services provider Synnovis, AEP – a German pharmaceutical wholesaler AEP, and two major health insurance providers in France, Viamedis and Almerys.
Speaking to ITPro, Matt Aldridge, principal solutions consultant at OpenText Cybersecurity, offered his thoughts on what is driving what appears to be a dip in attacks on healthcare organizations.
“Due to pressure from law enforcement and government interventions, some ransomware threat actors have chosen to avoid attacking healthcare environments for periods of time, to avoid drawing attention to themselves,” he explained.
“It could be that the timing of this survey has captured the impact of such policies. This is liable to change however, and increasingly for threat actors there is a ‘gloves are off’ mentality and they will go wherever they are most likely to get a payout.”
Aldrige added that perhaps the types of headline-grabbing incidents there have been in recent years have prompted cyber defenders in healthcare to redouble their efforts.
“Even if they don’t feel prepared, it could be that a refocusing of efforts into specific high risk areas is paying dividends in terms of overall reduction of successful attacks,” he suggested.
The risk of multiple breaches
Most organizations, regardless of size or sector, were hit with multiple cyber incidents, the report revealed. Of those hit by at least one breach, 84% said they had suffered more incidents compared to previous years, with 31% the number of incidents increased significantly.
Of those that reported suffering more than one attack during the past year, more than two in five said they experienced 1o or more attacks. Of these, a quarter reported enduring between 11 and 30 incidents, while 16% experienced 31-60 incidents – equivalent to one attack every 6-11 days.
One example of this in action is French digital automation and energy management company Schneider Electric, which recorded two breaches in the space of nine months this year. The first was a ransomware attack carried out by the Cactus threat group in January, which saw 1.5TB of corporate data exfiltrated from the multinational corporation.
The second incident took place in early November, when a threat actor claimed to have stolen 40GB of data from one of the firm’s developer platforms, including images of US citizens’ passports and scans of non-disclosure agreements.
Schneider Electric confirmed it was investigating unauthorized access to its Jira project management platform shortly after it was listed on the attacker’s leaksite, but refused to comment on the alleged hacker’s $125,000 ransom demands.
Ballooning recovery costs
Among organizations that experienced a cyber attack in the last 12 months, Cloudflare revealed 63% lost at least €940,000 ($1 million), with a quarter of respondents reporting their firm lost €1.88 million ($2 million) or more.
When asked about the most significant effect of suffering a breach, 39% of leaders highlighted the immediate financial cost of the attack. Another 17% noted reputational damage as the primary impact to their organization.
In light of a string of well-publicized incidents illustrating the catastrophic impact a cyber attack can have, the majority of European organizations now appear to be prioritizing cyber security.
For example, 54% of respondents told Cloudflare they anticipate their organization will dedicate more of its IT budget to cybersecurity. Their top three priorities were:
- Simplifying and consolidating their organization’s cybersecurity stack (48%)
- Modernizing applications (47%)
- Modernizing networks (42%)
Aldridge said investing in consolidation is a smart move for IT decision makers who want to produce benefits for their security teams.
“Complexity is undoubtedly the enemy of security, so time investment in simplification, standardization, and rationalization initiatives will deliver strong, tangible benefits,” he said.
“With vendor consolidation in the cybersecurity industry, there are strong opportunities to align with vendors who can deliver the majority of requirements from a single source – greatly simplifying support processes and streamlining the supply chain.”
Overall the cybersecurity landscape in Europe is increasingly volatile with significant rises in cyber incidents across various industries. While large organizations continue to be frequent targets, medium-sized enterprises remain particularly vulnerable to breaches.
As cyber threats evolve, organizations are focusing on bolstering their defenses through enhanced security investments, streamlined cybersecurity tools, and modernized infrastructure. Nevertheless, the increasing frequency and severity of attacks, couple with the rising financial costs, underscore the urgent need for businesses to remain vigilant and proactive in their cybersecurity strategies.
