Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever.
The research reveals that 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs - a disclosure that signifies a serious underreporting of cyber breaches globally.
This trend also leaves businesses at risk of being non-compliant with emerging industry regulations, as well as vulnerable to rising attacks, reported in the survey to have both increased in frequency for 49% of companies and severity for 43% in the past 12 months.
Companies are confident in their ability to detect cyberattacks.
The data - gathered from a quantitative survey of nearly 170 cybersecurity professionals at the c-suite, VP, director, and manager level in the United States, United Kingdom, and Ireland - shows 96% of companies are confident in their ability to detect and respond to cyberattacks in real time.
The same companies also acknowledge that they are unprepared for today's most pressing cyber risks, including ransomware attacks against a critical third party, phishing attacks, DNS attacks, and ransomware attacks against their business.
A rising skills gap between cyber teams and criminals.
53% reveal emerging AI attack methods are creating new attack points for which they are unprepared.
The most worrying AI threats include GenAI model prompt hacking, Large Language Model data poisoning, Ransomware as a Service, GenAI processing chip attacks, Application Programming Interface breaches, and GenAI phishing.
55% of companies believe cybercriminals are more advanced than their internal team.
Despite that, a third of companies still have not trained their team on GenAI-related cyber risks.
Only 10% of companies have increased cyber hiring in the past 12 months, and nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyberattacks.
35% of companies don't have enough budget to invest in new tech and 32% don't have enough budget to hire more staff.
Cyber alert fatigue is straining cyberattack response times.
33% of companies were late to respond to cyberattacks because they were dealing with a false positive, and 63% spend more than 208 hours per year managing false positives.
Overall, 68% of cyber teams surveyed could not currently meet The Securities and Exchange Commission's four-day disclosure requirement and cyber industry benchmark based on the average amount of time they estimate it would take to respond to a new, serious attack.
Technology has the potential to be an equalizer for cyber teams.
63% of companies are looking to implement new tech that can help alleviate the impacts of the cyber talent shortage.
41% say GenAI has the most potential to address cyber alert fatigue.
Only 5% of companies allocated additional budget to their cyber programs in the past year to address these ongoing challenges.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 27 May 2024 12:43:10 +0000