Last year we dived into five predictions on how 2022 will pan out, below we will go through these trends to see how these planned out.
We predicted an increase in ransomware, where it is still seen ransomware attacks are amongst the top growing threats in the cyber security industry. The damage they can cause to a business is immeasurable, effecting the organisation financially, the reputation, and the operation of the business. With 91% of security leaders are now regularly reporting on ransomware to the board.
In the UK, Gov.uk has shown in 2022, 39% of businesses have identified a cyber-attack, which remains the same in 2021. However, it is suggested that less cyber mature organisations in this space may be underreporting.
The Sophos State of Ransomware Report 2022 delves into ransomware statistics specifically and found that UK organisations managed to block 43% of ransomware attacks before data was encrypted, this was above the average of 35%. For successful attacks, around 13% of companies went ahead and paid the ransom demanded by cyber criminals. This was below the global average (26%). While only a small portion of companies paid the ransom, ransomware attacks can still be very expensive to fix. The average cost for UK organisations was $1.08 million. However, this is still a substantial decrease from the $1.96 million reported in 2021.
We have dived in with some of the recent cyber-attacks and threats that CISOs need to key a close watch on for the remaining part of 2022 and beyond.
Cyber insurance is crucial for enterprise risk management, but it’s quickly becoming unaffordable, just as we predicted. Premiums are increasing rapidly, and new research shows that 82% of insurers believe that prices will continue to rise for the next two years.
Panaseer’s 2022 Cyber Insurance Market Trends Report, saw the largest ransom pay-outs by insurers in the last two years average £3.26m in the UK and $3.52m in the US. Increasingly sophisticated threat actors and costly ransomware attacks are having the biggest impact on rising premiums. 89% of insurers believe it would be valuable to have direct access to customer metrics and measures proving the status of their security controls.
The US ranked number 1 for the foremost number of coworking areas globally (3,762), with the UK being third (1,044). Where it is predicted five million individuals would be using coworking areas by 2024, and 13% of businesses outside the US are using shared workspaces in 2022. However, it is hard to determine how many security breaches have arisen from coworking spaces.
Working from home: Remote work has increased the average cost of a data breach by $137,000, Email phishing attacks were the most common source of data breaches while working from home (48%).
There has been an increase in IoT technology, where in 2021 there were more than 10 billion active IoT devices, and in 2030 it is predicted to surpass 25.4 billion. By 2025, it is predicted that 152,000 IoT devices will be connecting to the internet every minute.
Ring (An Amazon-owned company) had two incidents, once for accidentally revealing user data to both Facebook and Google via third party trackers embedded into their android application. Secondly due to an IoT security breach where cybercriminals successfully hacked into several families connected doorbells and home monitoring systems.
IoT devices carry a lot of vulnerabilities with the lack of computational capacity for built-in security and have a limited budget for developing and testing secure firmware. Where IoT has evolved rapidly over recent years, connecting technology, driving business insights, powering innovation, and improving people’s lives. But IoT solutions become more prevalent in society, cyber criminals have found new opportunities to exploit the lack of built-in security currently associated with IoT devices.
Over the past year, the demand for cyber security professionals has increased by 60%. Many industries seeing an acceleration in digital transformation and remote working, resulting in an increased risk of cyber-attacks. However, most cyber security decision-makers are struggling to recruit due to a shortage of skilled professionals, according to new research. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.
Tor Macleoad, Founder at Via Resource states “Employers and recruitment agencies consider the cyber security labour market an increasingly candidate-driven market, with a greater average number of vacancies per firm this year, and a greater proportion of these vacancies being hard to fill.”