Phishing attacks, ransomware attacks, AI-powered malware – cyber threats are becoming more sophisticated and increasing. A study examined how German companies dealt with this in 2023 and what they plan for 2024.
The software assessment platform Capterra publishes a study on IT security and shows how the situation of cyber threats developed in 2023. As part of the study, 1.314 employees were surveyed about how companies react to cyber threats and how they strengthen their ability to defend themselves.
AI-powered attacks and email phishing attacks are at the top
Cyber threats from AI-powered attacks (47%) and new methods of email phishing (46%) are top concerns for businesses. Internal attacks (25%), advanced ransomware attacks (25%) and business email compromise (23%) are also mentioned. Companies should also take internal risks seriously, such as unintentional or malicious actions by partners or employees.
52% of companies confirm increased spending on IT security in 2023
The growing concern is leading companies to invest primarily in measures such as formal cybersecurity risk assessments (40%) and data classification (39%). Security risks are often systematically assessed and data is classified according to its sensitivity. Companies also rely on zero trust network security (31%), privileged access management (PAM, 28%) and network segmentation (27%) to secure their infrastructure and control access to sensitive areas.
For 42% of companies, spending remained the same compared to last year and 5% did not take any specific security measures. This suggests that there are still unprotected companies.
Top 3 data breaches
Accidentally unsecured databases or online data sources account for 42% of incidents. This shows that handling data and securing it will remain a challenge for companies in 2024. At the same time, 42% identify malicious access to company systems by hackers or other external persons. In 20% of cases, the theft of company data by employees or other insiders is another significant factor.
Phishing shows high success rate for cyber attacks
Despite companies' existing awareness of phishing emails, active training and test phishing campaigns, the success rate of attacks is still significantly high.
8% of respondents who received phishing emails clicked on malicious links themselves. 13% report that both they and others in their company have clicked on them, while 29% report that others in the company (not themselves) have clicked on such links.
What is alarming is that a full 40% of all participants said they used one password for multiple accesses - which increases the potential damage from phishing attacks.
Almost 40% of companies experienced ransomware attacks - a fifth paid a ransom
38% of participants report that in 2023 their company was affected by malware that encrypted data or hardware and then demanded a ransom to release it. Of these, 8% of companies paid the ransom and were able to get their data back. However, another 11% paid the ransom without being able to recover their data. Almost 1/5 of the attacks ended with a ransom payment, with over half of the payments being between 5.000 and 50.000 euros.
36% of companies that did not pay a ransom were able to remove the ransomware or decrypt their data themselves. Another 35% were able to restore their data from a backup. 5% of companies accepted permanent data loss because there were no backups.
The most significant vulnerabilities
The companies see the biggest challenges in:
- Thoughtlessness of employees (40%),
- inadequate network security (31%),
- inadequate mobile device security (30%)
- non-encrypted data (30%)
- Susceptibility to phishing/social engineering methods (30%).
Current trends show a significant increase in targeted ransomware attacks and phishing campaigns, which are becoming increasingly sophisticated through the use of artificial intelligence and machine learning. These developments require constant adaptation and expansion of the security strategies used. As businesses increasingly rely on these technologies, issues such as cloud security and protecting IoT devices are becoming increasingly important. A risk-sensitive strategy gives companies the flexibility and responsiveness to quickly adapt to the biggest threats.
Methodology:
To collect the data for this report, Capterra conducted a survey of 10 employees from companies of all sizes in Germany between November 26th and 2023th, 1314. The participants were selected based on the following criteria:
- Between 18 and 65 years
- Are employed full-time
- The companies surveyed use security tools
902 of respondents were involved in their company's cybersecurity measures, be it
- responsible (233)
- contributing (326) or
- at least informed about it (343).
In addition, 412 respondents had limited knowledge of the security measures and only answered a limited number of questions.
Go directly to the report at Capterra.com
About Capterra
Capterra helps companies worldwide find the right software for their needs. Founded in 1999, Capterra provides confidence in software selection to more than five million buyers each month with its global product presence, verified user reviews, independent reviews and tailored comparison tools.
Matching articles on the topic