Cyberattacks Remain a Perennial Threat for Organizations

Cyberattacks Remain a Perennial Threat for Organizations

By Greg Tavarez

The foremost concern facing organizations across all sectors is the persistence of cyberattacks and other threats that jeopardize their operational continuity. Among these threats, ransomware is at the front of the pack, with its impact escalating as cybercriminals continue to amass substantial ransom payments.

That said, ransomware is one facet of the multifaceted threat landscape. Organizations grapple with a diverse array of risks emanating from external and internal sources that span from deliberate human actions to naturally occurring vulnerabilities. Adding to this complex panorama is the impending specter of AI wars, a threat on the horizon that looms ever closer.

 These challenges raised questions – questions from InformationWeek, a business technology resource: “how well-prepared are modern companies to confront these threats? Are their cybersecurity champions experiencing burnout in the face of relentless challenges, or are they rising to the occasion with unwavering enthusiasm?” The questions are what prompted InformationWeek to conduct a study, and the findings were appalling.

“Our survey asked respondents what types of events, including cyberattacks, caused major disruptions to their IT systems. They told us that increasing attacks by malicious actors are making it more difficult for organizations to maintain IT operations after an incident; but it’s much more complicated than that,” said Sara Peters, editor-in-chief of InformationWeek. “Many of the decisions that CIOs and CISOs have to make during a crisis aren’t about technology; they’re about business and risk.”

With all the talk surrounding cybersecurity, most would expect cyber risk mitigation investments to be high, right?

Well, that was not the case as cyber risk mitigation investments are not the bulk of budget allocations for most companies. Almost 40% of respondents allocate less than 10% of their annual IT budget to cybersecurity, one-third dedicate between 10% and 24% of their budget to cybersecurity, and 16% spend between 25% and 49% of their budget on protecting their company from cyberthreats.

This allocation of budget for cybersecurity is a cause for concern because it reflects a potential mismatch between the level of cyber risk and the resources dedicated to mitigating it. Allocating a relatively small portion of the IT budget to cybersecurity suggests that many companies may not be adequately prioritizing or investing in measures to protect themselves from pervasive and increasingly sophisticated threats.

Looking deeper into the budget allocations, the study found that the cybersecurity investment is typically split between defense at 70%, such as technologies and talent expenditures, and rebound at 30%, like business continuity, disaster recovery, data backups, cyber insurance and ransom money.

Rebound is the key here because a strong defense strategy may not be enough to hold the attackers back. A company must rely on the strength of its rebound plan. The best way to gauge the incident response effectiveness is to test it, yet nearly one quarter of companies surveyed have never conducted tests or are unsure if their teams have tested with tabletop exercises or other measures.

Backups top the list of tools and procedures used by respondents, yet half of respondents report they include misconfigurations in their cyber resilience plans, and 43% include planning for severe weather events.

Additionally, nearly half of companies reported carrying cyber liability insurance either as a standalone policy or as a rider on a larger business insurance policy. Of those with cyber insurance, 84% believe the protection is worth the expense.

Cyber insurance provides benefits, such as financial protection in the event of a cyberattack, coverage for legal and regulatory expenses and assistance with the costs of recovering from a breach. For some organizations, especially those with limited cybersecurity resources, yes, it is a valuable safety net.

“Cyber resilience and cyber incident response plans are expanding to include supply chain breakdowns, cloud computing outages, geopolitical events, AI-related threats, death, climate change and more,” said Peters. “Many technologies are implemented to maintain resilience, and solid backups remain the number one answer.”

The state of cybersecurity is still in the realm of underdog status given the continuous and rapid rise of new and ever more sophisticated attacks. However, cybersecurity is far from being a hopeless endeavor. Against the odds, 61% of those surveyed reported high satisfaction among their cybersecurity teams, despite the scarcity of resources.

“The challenges seem insurmountable sometimes, and the fact that our readers approach cyber resilience so bravely is impressive,” said Peters.




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

Real Estate Forecast 2025: Emerging Developments and Market Shifts

By: Contributing Writer    7/1/2025

Buying or selling property can be challenging. Rising mortgage rates and fluctuating home prices leave many uncertain about their next move. Business …

Read More

Protecting Business Assets with Smarter Security Frameworks

By: Contributing Writer    7/1/2025

Protecting your business is more challenging than ever. Cyber threats are increasing every day. Hackers target small and large businesses alike, searc…

Read More

Reimagining Public Transportation in the Era of Smart Mobility

By: Contributing Writer    7/1/2025

Public transportation can be frustrating. Buses stuck in traffic, late trains, and hard-to-navigate systems often leave people stressed or stranded. M…

Read More

SonicWall Powers Secure Access for Missouri MSP, Improving Cybersecurity and Network Access for Clients

By: Erik Linask    6/27/2025

With SonicWall, Stronghold Data delivers a modern, secure remote access solution that ensures access to networks and resources and improves cybersecur…

Read More

Guardz Unleashes AI-Driven ITDR to Combat Escalating Identity-Based Threats

By: Erik Linask    6/26/2025

The launch of Identity Threat Detection and Response (ITDR) gives MSPs the tools to defend SMBs against increasingly sophisticated attacks targeting u…

Read More