New global study by Sophos confirms: 93 percent of companies have problems with basic security tasks. The risk is also high: 75 percent (65 percent in DACH) of those surveyed have difficulty identifying the causes of an incident.
Sophos has released the new study “The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders”. The latest international study found that 93 percent of organizations worldwide find it difficult to perform basic security tasks, such as threat hunting.
Understand how an attack occurs
The challenges also include understanding how an attack occurred. From a global perspective, 75 percent of those surveyed have difficulty identifying the cause of an incident - in DACH, 65 percent confirm this. This can make it difficult to respond appropriately and leave organizations vulnerable to repeated or multiple attacks from the same or different attackers. The situation is also aggravated by the fact that 71 percent of those surveyed worldwide and 60 percent in DACH confirm problems with timely remedies.
Additionally, 71 percent of respondents worldwide say they find it difficult to recognize and investigate signals/alerts. In DACH, slightly fewer confirm this at 62 percent. Also 71 percent report problems with the prioritization of investigations, which 64 percent of the companies in DACH have difficulties with.
Vulnerabilities are underestimated
“Only a fifth of respondents see vulnerabilities and remote services as a top cybersecurity risk for 2023. Yet the truth is, these are routinely exploited by active adversaries. This cascade of operational issues means organizations don't see the full picture and may act based on incorrect information. There's nothing worse than being wrong with certainty. External audits and monitoring can help to eliminate blind spots. We, on the other hand, see things as an attacker sees them,” said John Shier, Field CTO, Commercial, Sophos.
Other important results of the study
- 52 percent worldwide and even 54 percent in DACH of the companies surveyed state that cyber threats are now too advanced for their company to be able to deal with them alone.
- 64 percent internationally and 61 percent in DACH would like the IT team to spend more time on strategic issues and less time on firefighting. 55 percent (56 percent in DACH) say that time spent due to cyber threats impacts the IT team's work on other projects.
- 94 percent globally and 96 percent in DACH state that they work with external specialists to scale their internal department. At the same time, however, the majority still deal with threats themselves, rather than choosing an outsourced approach.
“Today's threats require a timely and coordinated response. Unfortunately, too many companies remain in reactive mode. Not only does this impact core business priorities, it also takes a significant human toll: more than half of respondents say cyberattacks give them sleepless nights. By removing the guesswork and applying defensive controls based on actionable intelligence, IT teams can focus on supporting the business instead of trying to put out the endurance burn of active attacks,” Shier said.
Background to the study
The data from The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders study comes from an independent survey conducted in January and February 2023 among 3.000 IT and cybersecurity leaders in 14 countries.
Directly to the study PDF at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.