As global headlines indicate, cyber attacks are fast becoming the pandemic of 2021, marked by a series of major incidents on an unprecedented scale. The SolarWinds supply chain attack that came to light in December 2020 set the stage for others: the Microsoft Exchange server attack, the five-day shutdown of the Colonial Pipeline in the U.S., the ransomware siege of the Irish health services system, and more.
Security decision makers have been committed to shoring up their security controls long before these notorious intrusions, and the good news is that most of our global survey respondents (90%) indicated that the security posture of their company has improved in the past two years.
Against the backdrop of these egregious attacks, however, 86% of respondents have had a cybersecurity incident so severe in the past year that it required a C-level or Board meeting.
IronNet decided to ask why: Is there a false sense of security? What is the disconnect between a reportedly high level of confidence in existing controls and the fact that attacks are on the rise? Is the current cybersecurity system broken?
To better understand the current challenges and strategies among senior cybersecurity executives, IronNet commissioned the independent research firm Sapio to interview 473 security IT decision makers from the U.S., U.K., and Singapore who work in the technology, financial, public service, and utilities sectors.
Key Findings from the 2021 Cybersecurity Impact Report:
- A false sense of security?
Most of the respondents indicated that the security posture of their company has improved in the past two years, but has it? Although organizations cite “the increasing sophistication of attacks” as a main cause for their ongoing issues with current cybersecurity defenses, even unsophisticated attacks such as business email compromise and credential phishing continue to happen across industries and can cause as much damage as nation-state attacks.
Most felt the impact of SolarWinds; very few felt no impact at all when the SolarWinds attack hit. On average, the incident cost affected companies surveyed 11% of their annual revenue and has forced 9 in 10 of all respondents to re-evaluate their supply chain security.
- The value of threat sharing
Two thirds of the companies interviewed say they are more likely to share cybersecurity information with their industry peers, as a result of SolarWinds. Respondents who reported increased information sharing have seen an increase in their security posture over the past two years. Both sharing among industry peers (72%) and sharing threat information with the government (53%) have a positive impact on improving security posture.
At the moment, companies have on average 40% of their operations in the cloud. This proportion is expected to increase in the future, even if the majority of respondents recognized that the adoption of cloud comes with additional cybersecurity risks. It is critical that companies adopt a level of clear shared responsibility with the cloud service providers to ensure that they (that is, the enterprise) are responsible for the security of what is in the cloud.
Learn more in the 2021 Cybersecurity Impact Report and in our press release.