Keeper Security, a provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, released findings from its annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses across the United States, revealing most respondents expect cyberattacks to intensify over the next year, yet 32 percent lack a management platform for IT secrets – posing a significant risk to organizational security.
The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually — between three to four each month. Still, fewer than half (44 percent) of respondents provide their employees with guidance or best practices for governing passwords and access management.
U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the number of attacks will increase, with 39 percent predicting the number of successful cyberattacks will also rise.
Most organizations in the United States believe they’re prepared to fend off cyberattacks, with 64 percent of respondents rating their preparedness at least an eight on a 10-point scale and 28 percent rating themselves as a 10/10. At the same time, the majority of respondents (57 percent) say it is taking longer to respond to attacks and only 8 percent say responses are getting faster.
Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools.
Nearly one-third of respondents (32 percent) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials. Eighty-four are concerned about the dangers of hard-coded credentials in source code, but 25 percent don’t have software to remove them.
More than one-quarter of respondents (26 percent) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap.
This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed:
- Nearly one-third (31 percent) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information.
- 18 percent of organizations experienced theft of money, with the average amounting to more than $75,000, while 37 percent lost $100,000 or more.
- 23 percent experienced the inability to carry out business operations
In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28 percent) suffered reputational damage due to a successful cyberattack and 19 percent reported losing business or a contract.
“The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties,” said Darren Guccione, CEO and co-founder of Keeper Security. “Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical.”
Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71 percent) of respondents have made new hires in cybersecurity over the past year and 58 percent say they’ve increased cybersecurity training.
Many organizations are considering future investments with 73 percent of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses.
Employees understand the dangers of external and internal threats. An overwhelming 79 percent of IT professionals are concerned about a breach from within their organization and 47 percent have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments to maintain security. In fact, 40 percent of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39 percent.
IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48 percent) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization’s culture.
Keeper’s 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals.