Ransomware attacks increased by 151% in 2021, and there were on average 270 attacks per organisation, or a 31% increase compared with 2020.
However, 92% of business executives surveyed say cyber-resilience is integrated into enterprise risk-management strategies, while only 55% of cybersecurity leaders surveyed agree, highlighting a perception gap, global economic organisation the World Economic Forum (WEF) says in its 'The Global Cybersecurity Outlook 2022' report.
This perception gap between leaders can leave firms vulnerable to attacks as a direct result of incongruous security priorities and policies. According to the report, 80% of cyberleaders now consider ransomware a danger and threat to public safety.
“We are at a crossroads, a point at which cyber-resilience has become the defining mandate of our time, beyond foundational security controls, to anticipate future threats, withstand, recover from cyberattacks and adapt to likely future digital shocks,” says WEFcybersecurity strategy lead Algirde Pipikaite.
“Companies must now embrace cyber-resilience, not only defending against cyberattacks, but also preparing for swift and timely incident response and recovery when an attack does occur,” says WEF MD Jeremy Jurgens.
“Even after a threat is detected, our survey, written in collaboration with [information technology services and consultancy] Accenture, found nearly two-thirds of organisations would find it challenging to respond to a cybersecurity incident owing to the shortage of skills within their team.
“Perhaps even more troubling is the growing trend that companies need 280 days on average to identify and respond to a cyberattack, meaning an incident which occurs on January 1 may not be fully contained until October 8,” he says.
Less than one-fifth of cyberleaders feel confident their organisations are cyber-resilient. Cyberleaders surveyed said they do not feel consulted on business decisions, and they struggle to gain the support of decision-makers in prioritising cyber-risks, with seven in ten seeing cyber-resilience featuring prominently in corporate risk management.
“Recruiting and retaining the right talent is their greatest concern, and six in ten organisations think it would be challenging to respond to a cybersecurity incident because they lack the skills within their team. Further, nearly nine in ten see small and medium-sized enterprises as the weakest link in the supply chain, and 40% of respondents have been negatively affected by a supply chain cybersecurity incident,” the WEF says in the report.
“Organisations need to work more closely with ecosystem partners and other third parties to make cybersecurity part of an organisation’s ecosystem DNA to be resilient and promote customer trust. This report underscores key challenges leaders face, namely collaborating with ecosystem partners, and retaining and recruiting talent. Cybersecurity is an important topic because it impacts every organisation at all levels,” says Accenture chairperson and CEO Julie Sweet.
Solutions to the perception and risk gaps include employee cyber training, offline backups, cyber insurance and platform-based cybersecurity solutions that stop known ransomware threats across all attack vectors.
“Above all, there is an urgent need to close the gap of understanding between business and security leaders. It is impossible to attain complete cybersecurity, so the key objective must be to reinforce cyber resilience. Including cyberleaders into the corporate governance process will help close this gap,” the WEF highlights.