Cybersecurity report puts numbers behind the rise in pandemic-time cyber attacks against businesses

During the pandemic, we’ve heard anecdotally from cybersecurity pros about how the shift to work-from-home was leading to an increase in threats.

A new report from Annapolis-based CyberEdge Group offers data to back that up. The eighth edition of the research and marketing consulting firm’s Cyberthreat Defense Report showed the following:

• 86% of organizations surveyed experienced an attack that was successful in breaching a company or stealing data. This was up from 81% the prior year, and represented the largest year-over-year increase in six years.
• 69% of organizations experienced ransomware attacks, in which attackers lock up systems and demand payment in return for regaining access to data.
• 87% of organizations are experiencing shortages in IT security personnel, up slightly from 85% the prior year. The most in-demand roles? IT security architects and engineers.

The report surveys 1,200 IT security practitioners and decision makers, offering insight into how a group that’s an important part of an organization’s ability to operate.

The increased attacks are an indicator that challenges brought by the pandemic had a big effect on IT security teams. Working on home devices and networks meant many employees didn’t have the immediate protection that was set up inside the perimeter of an office.

“The challenges faced by IT security professionals throughout the pandemic have been overwhelming,” said Steve Piper, founder and CEO of CyberEdge Group, in a statement. “Within the last 12 months, security teams have had to provide connectivity for a remote workforce that has more than doubled while mitigating risks associated with unmanaged, employee-owned devices. It’s no wonder we’re witnessing record-setting data breaches, ransomware attacks, and internal and third-party security risks.”

The finding on ransomware showed the impact that the form of attack, which has been in the news for breaches against cities like Baltimore, is having on businesses. Along with an increase in attacks, the report found that more businesses are paying the ransom.

“Cybercriminals have learned that withholding data following payment receipt is bad for businesses,” the report states. “Unfortunately, this trend has enticed most victims [57% in 2021] to pay ransoms, which in turn has funded more ransomware attacks, resulting in more organizations being compromised by ransomware than ever before.”

Against this backdrop, there is slowing security spending among companies surveyed. The percentage of typical cybersecurity spending remained flat when compared with last year, and the percentage of orgs with rising spending fell from 85% to 78%. To be sure, the budgets are still rising overall, but at a slower pace than usual. And organizations are also shifting budgets to cloud-based technology, rather than on-premises infrastructure that’s been typical in offices. Whether this is a result of pandemic-era pullbacks in budget as a result of the economic downturn or a wider trend remains to be seen.