VikingCloud has unveiled new research indicating a worrying trend: 40% of cyber teams have refrained from reporting cyber incidents due to fear of job loss. This significant underreporting highlights a global issue, potentially leaving businesses vulnerable to non-compliance with industry regulations and increased cyberattacks. The report also reveals a surge in cyber incidents, with 49% of companies experiencing more frequent attacks and 43% noting greater severity over the past year.
The data, collected from a survey of nearly 170 cybersecurity professionals across the United States, United Kingdom, and Ireland, shows that while 96% of companies are confident in their ability to detect and respond to cyberattacks in real-time, they are unprepared for today's most pressing cyber risks. These risks include ransomware attacks on critical third parties (48%), phishing (40%), DNS attacks (33%), and direct ransomware attacks (32%).
“Cyber teams are facing major challenges such as the growing talent shortage, new attack methods, and the advancing sophistication of cybercriminals,” said Kevin Pierce, Chief Product Officer at VikingCloud. “Although many leaders report confidence in their defensive capabilities, it’s clear this false sense of security is leaving many businesses vulnerable. Teams are trying to do more with less while cybercriminals continue to stay one step ahead. Without understanding their actual risk status and investing in the right technology, people, and expert partners, companies will become even more susceptible to the latest attack methods.”
VikingCloud's 2024 Threat Landscape Report also highlights the rise of new cyberattack methods powered by AI, with 53% of leaders expressing concern over emerging AI threats. These include Generative AI (GenAI) model prompt hacking (46%), Large Language Model (LLM) data poisoning (38%), Ransomware as a Service (37%), GenAI processing chip attacks (26%), API breaches (24%), and GenAI phishing (23%).
The report underscores a growing skills gap between cyber teams and criminals, with 55% of companies acknowledging that modern cybercriminals are more advanced than their internal teams. Additionally, 35% reported that the technology used by cybercriminals is more sophisticated than what their teams have access to, yet a third of companies have not trained their teams on GenAI-related cyber risks.
Key challenges identified include the talent shortage and limited resources. Only 10% of companies have increased cyber hiring in the past year, and nearly 20% cite a lack of qualified talent as a significant barrier to overcoming cyberattacks. Budget constraints are also a major issue, with 35% unable to invest in new technology and 32% unable to hire additional staff.
Cyber alert fatigue is another critical issue, impacting response times. One-third of companies have been late to respond to cyberattacks due to false positives, and 63% spend over 208 hours annually managing these false alarms. Consequently, 68% of surveyed cyber teams cannot currently meet the Securities and Exchange Commission’s four-day disclosure requirement for cyber incidents.
Technology could be a crucial equalizer for cyber teams, with 63% of companies looking to implement new solutions to address the cyber talent shortage. While 41% believe GenAI has the potential to mitigate cyber alert fatigue, only 5% have allocated additional budget to their cyber programs in the past year.
“There are two ways cyber leaders can look at advanced technology like GenAI – as a threat or as a weapon. The reality is that it’s both, which makes it essential for businesses to aggressively implement the right solutions to arm their teams and beat cybercriminals at their own game,” Pierce said.