Our colleagues have carried out a survey of cybersecurity attitudes among organizations across 26 countries where our products and services are offered. In total, they interviewed 3230 employees of companies of various sizes, dividing the responses into categories: SMB (50–999 employees) and Enterprise (1000+ employees). A key takeaway of the study is that the most common type of cybersecurity incident experienced by companies of any size is data leakage. As a consequence, more than half of them (55%) cite data protection as their biggest cybersecurity concern.
In the study, Yuliya Novikova, Head of Security Services Analysis here at Kaspersky, gives several reasons for this.
First, any publication of stolen data can cause an increase in attacks on company employees, simply because this provides additional leverage in phishing and other social engineering attacks.
Second, cybercriminals are increasingly trying to draw attention to their exploits through social media by posting information about attacks and victims on their own websites, in messengers, and in the Twittersphere. This inevitably threatens the reputation of the target organization (even if the statement is false and in fact the attack failed completely, or didn’t even occur at all).
And third, losses from data leakage can be significantly greater if the region where the company operates has strict data protection rules. This is especially true of organizations that process data belonging to EU residents — the fines for violating the General Data Protection Regulation (GDPR) can be hefty.
For more results from the study, go to our IT Security Calculator website, which has been updated with data from the new report. There you can get an estimate of the budgets that companies in different fields and in different regions tend to allocate to information security.
To download the full IT Security Economics 2022 report, please register on the IT Security Calculator website.