Netwrix has unveiled its annual 2024 Hybrid Security Trends Report, compiled from a survey of 1,309 IT and security professionals worldwide. The findings indicate that 79% of surveyed organizations detected a cyberattack in the past year, marking an increase from 68% in the previous year. Additionally, 45% of these organizations faced unforeseen expenses, and 1 in 5 (20%) suffered a loss in competitive edge as a result of these incidents. The proportion of those experiencing severe repercussions surged: 16% reported a decline in company evaluation, and 13% dealt with legal actions, compared to just 3% the previous year.
“Growing security awareness at the executive level means a better understanding that the risks of security gaps extend far beyond downtime and data loss. As a result, more organizations are investing resources into audits to investigate the root cause of security incidents to prevent similar events in the future,” explains Ilia Sotnikov, Security Strategist at Netwrix.
1 in 6 (17%) organizations estimated their financial damage from cyber security incidents to be at least $50,000. In addition, the share of those who faced no financial consequences dropped from 47% to 38% compared to last year. To mitigate the risk of financial loss from data breach, organizations often opt to purchase cyber insurance. Indeed, 62% of respondents confirmed having a cyber insurance policy or planning to purchase one within 12 months. Almost 1 in 5 (19%) insured organizations used their policy last year.
“Considering the high chances of a payout request, it’s no wonder the requirements for obtaining a policy have become stricter. The survey shows that insurers are now more likely to require identity and access management as well as privileged access management,” says Dirk Schrader, VP of Security Research at Netwrix. “These solutions significantly complicate the privilege escalation for the attacker and their lateral movement. As a result, the security team has more time to spot suspicious activity and respond to the attack before any serious damage occurs.”
Other notable survey findings include:
- Phishing is still the most common attack vector both on premises and in the cloud: 74% of respondents suffered this type of cyberattack.
- Account compromise attacks in the cloud spiked, with 55% of respondents reporting them in 2024, compared to 39% in 2023, 31% in 2022, and just 16% in 2020.
- Targeted attacks on premises continue to intensify: the share of those who suffered this type of attack increased by 42%, from 19% to 27%.
- Interest in implementing AI tools surged: This year, 28% of respondents named it among their top IT priorities compared to only 9% in 2023.
“The interest in AI is surging across enterprises – both within the security department and outside. The introduction of AI tools like Copilot to assist with regular business processes raises a new scope of associated security gaps. Since Copilot relies on native access controls within Microsoft 365, it can access all data a user can. If the user has been granted inappropriate access to content, then sensitive information can quickly spiral out of control,” warns Ilia Sotnikov. “Implementing and maintaining a strict least-privilege model is a good start to address the risks associated with Copilot and similar AI-powered business tools.”
Related News:
Netwrix Solutions Expanded Its Global Partnership Network by 36%
Olympic Games Traveling Tips from Netwrix to Avoid Being Scammed
