Deloitte study: nine out of ten organizations reported at least one cyber incident or breach last year
Nine out of ten organizations (91 percent) reported at least one cyber incident or breach last year, according to Deloitte 2023 Global Future of Cyber Survey, and more than a third (38 percent) between six and ten events. The study also points out that the frequency of cyber incidents varies depending on the level of cyber maturity of the organization, more low cyber maturity organizations experiencing over ten events (21 percent) compared to the mature ones (13 percent).
Organizations’ cyber concerns also differ depending on their level of maturity, the more advanced ones being preoccupied mainly about cyber criminals and terrorists, as well as phishing, malware, and ransomware attacks, while low and medium-maturity companies have greater concerns about denial-of-service attacks.
In the context of these incidents, operational disruption (58 percent) is the most significant impact for organizations, followed by loss of revenue, of customer trust and negative brand impact, with 56 percent of respondents reporting that they suffered related consequences to a moderate or large extent.
“The cybersecurity threat landscape is becoming more complex every year and ranges from ransomware, still considered one of the main threats, according to the EU’s agency for cybersecurity ENISA, malware and supply chain attacks, to social engineering threats. The most impacted sectors are public administration and governments, digital services providers, financial services, as well as the general public, according to the same source. Organizations are increasing investments to boost cybersecurity maturity, a trend also visible in our country and which is projected to continue. But investments need to be accompanied by efforts to build a proper culture inside the organizations through awareness and communication, planning of the cyber strategies and actions to retain their experts,” stated Andrei Ionescu, Consulting and Risk Advisory Partner-in-charge, Deloitte Romania, and local leader of the cybersecurity practice.
Organizations are aware of the importance of planning in creating cyber strategies that effectively mitigate risks and drive business value, as almost two thirds of them (62 percent) have an operational and strategic plan to defend against cyber threats. The highly mature ones stand out in this respect, reaching 91 percent, the study highlights. Additionally, more than half of the surveyed companies have an annual cybersecurity awareness training among the employees (59 percent) and a cybersecurity incident-response plan that gets updated and tested annually (58 percent).
Beyond planning, attracting and retaining the right talent is an important factor in creating successful cyber strategies and companies are taking meaningful steps in doing so, the study shows. In order to engage, retain and develop existing talent, companies mainly offer access to training and certifications programs (54 percent), flexible and hybrid working options (50 percent) and specialized career paths (45 percent).
The report also shows a clear connection between cyber activities and a series of benefits, including trust. For organizations with a high level of cyber maturity, improved brand reputation (64 percent) and improved digital trust for customers and employees (62 percent) are among the top benefits of their cyber actions. At the opposite end, low cyber mature companies see significant gain in areas such as confidence in tech integrity (35 percent) and customer trust and brand impact (31 percent).