Two-Thirds of Organizations Suffered a Cyberattack Last Year

Netwrix, the cybersecurity solutions provider, released its annual worldwide 2023 Hybrid Security Trends Report. According to the report, 68% of organizations faced a cyberattack within the last year. Among them, 16% estimated that the financial damage was at least $50,000, 40% faced unplanned expenses, and 10% experienced negative consequences like lost customers and reduced sales.

The survey showed that on-premises infrastructures are more vulnerable to cyberattacks than the cloud. This is particularly true for ransomware and malware attacks, with nearly twice as many respondents reporting such incidents in on-premises environments (37%) compared to the cloud (19%).

According to Dmitry Sotnikov, VP of Product Management at Netwrix, on-premises environments are more susceptible to attacks than software-as-a-service (SaaS) systems due to their “sprawling privileges on the infrastructure level.”

The report also found that phishing is still the most common form of attack vector, with 73% of respondents experiencing a phishing-related incident in 2022.

It was also noted that cloud adoption continues to grow, with 81% of organizations now using at least one cloud environment. Additionally, over a third (37%) of the remaining organizations plan to adopt cloud technologies within the next year.

That said, account compromise attacks targeting cloud systems are increasing. 39% of respondents reported such incidents in 2023, compared to 31% in 2022 and only 16% in 2020.

Employee-related risks remain the top data security concern, with 58% of respondents citing it. As for recommended IT priorities, the top three have remained consistent since 2019: data security, network security, and cybersecurity training.

The study also revealed that 44% of organizations have cyber insurance, and 15% plan to get it within the next year. Among the insured, 22% had to enhance their security to meet the policy requirements.

Dirk Schrader, VP of Security Research at Netwrix, said, “While cyber insurance has value, it’s vital to remember that it is no substitute for strong security. After all, while insurance pay out can defray the financial impact of a security incident, no policy can restore an organization’s data, operations, or reputation.”

Adding to these findings, a recent report by the GuidePoint Research and Intelligence Team (GRIT) discovered a 25% increase in publicly posted ransomware victims from Q4 2022 to Q1 2023. Many of these attacks originate from organized hacking groups, who are deploying increasingly novel coercive techniques to extort money from their victims.