New study shows: companies take longer than expected to recover from cyberattacks

External attacks most common cause of security incidents

On average, companies in the DACH region have experienced 41 security incidents in the last twelve months. The largest proportion of these were targeted attacks by external attackers (36%), followed by misconfigurations (29%) and software errors (28%). The main effects of these incidents included data loss (35 percent), downtime or interruptions (28 percent) and the compromise of customer accounts (25 percent). Companies citing loss of revenue as the most significant impact of security incidents reported losses of 3.3%.

Marshall Erwin, Chief Information Security Officer at Fastly, commented on the findings: "Full recovery from security breaches is becoming increasingly complex and costly for organizations. This is due to loss of revenue, reputational damage and lost time, which will affect long-term business relationships and tie up resources from different parts of the organization. As the number of attacks will not decrease and the risk of large-scale outages is always present, it is crucial that adjustments to the cyber security strategy are part of a holistic plan and that companies do not make hasty decisions."

Too little protection against new threats: Companies under pressure

63 percent of respondents fear cyberattacks on remote workers. 53 percent also state that the increasingly complex threat landscape has left their organization unprepared for future attacks and 51 percent of companies state that they are not protected against threats from emerging generative AI technology. Half of companies blame a lack of investment in security technologies for increased threat levels.

Investment in cyber security will increase - but so will consolidation

As a result, 88% of all decision-makers surveyed expect investments in cyber security to increase over the next twelve months, although investments in security solutions will have to be justified more strongly in view of tight budgets. Cybersecurity insurance (34%) and managed security services (28%) are among the top three areas of expected investment after modern authentication methods (40%).

There is therefore a clear trend towards outsourcing and protection - in addition to existing security tools and providers, which are under greater scrutiny in response to last year's incidents (46%). The overall economic situation is causing additional tension: even though the need to invest in cybersecurity is undisputed, almost three quarters of respondents (72%) are increasingly thinking about consolidating their providers and tools.

Comprehensive security approach as a strategy for the future

There is also a re-evaluation of how organizations integrate software security into their operational processes. More and more stakeholders outside of traditional security teams, including teams from areas such as platform engineering, are being involved in the introduction of security solutions. In fact, a fifth (20 percent) of respondents said that adopting a modern platform engineering approach to software security is one of their priorities for the next year.

"We are seeing a shift towards a shared responsibility for security in companies with a stronger focus on embedding security measures into all projects from the outset. Companies that integrate security into their processes early on and build strong partnerships with security specialists are better prepared for future threats and can recover from attacks more quickly," recommends Erwin.

Source: www.fastly.com/de

This article originally appeared on m-q.ch - https://www.m-q.ch/de/neue-studie-zeigt-unternehmen-brauchen-laenger-als-erwartet-um-sich-von-cyberangriffen-zu-erholen/