Cloudflare report: EU firms unprepared for rising cyber threats
Cloudflare has published a detailed report revealing significant insights into the cybersecurity landscape in Europe. The study highlights the urgent necessity for businesses to strengthen their cybersecurity measures, streamline their security estates, and ensure leadership comprehension and support for strategic cybersecurity initiatives.
The report finds that 64% of business leaders foresee a cybersecurity incident within the next 12 months, yet only 29% feel highly prepared to defend against such events. Additionally, 40% of organisations experienced an incident in the past year, with 84% reporting a rise in the frequency of attacks.
The ramifications of cybersecurity breaches are substantial, with 31% of businesses suspending growth plans and over 25% halting operations. Nearly 40% of these incidents resulted in financial costs between USD $1-2 million. While 44% of respondents are optimistic about the benefits of transitioning to a zero-trust architecture, 86% believe their leadership does not fully understand this approach, hindering adoption.
The report further indicates that the complexity of cybersecurity solutions negatively impacts their effectiveness. Nonetheless, 67% of businesses plan to onboard more tools in the coming year, making simplification and modernisation critical priorities.
Regarding attack frequency, 40% of organisations experienced a cybersecurity incident in the last 12 months, with 84% of those cases reporting an increase in frequency. Of particular concern, 16% of organisations faced a cybersecurity attack every 6-11 days. Two-thirds of respondents believe they will witness more attacks within the next year, and 64% expect to endure a cybersecurity incident in the next 12 months.
Despite the rising volume and frequency of attacks, only 29% of respondents feel highly prepared for future cybersecurity incidents. Industries that experienced fewer attacks, such as healthcare and education, also showed lower levels of preparedness, with only 18% and 19%, respectively, feeling ready for future incidents. Conversely, the IT and technology sector, which faced 49% of attacks in the last year, showed a higher level of preparedness, with 35% feeling confident in their defences.
The financial impact of breaches remains a critical concern. More than a third (39%) of respondents cited financial consequences as the most significant issue, with 22% reporting lost revenue and 22% facing fines and increased insurance premiums. Nearly 19% had to lay off staff due to financial losses after an incident. Almost two-fifths (38%) reported financial impacts between EUR €788,000 and EUR €1.576 million, while 25% estimated losses above EUR €1.576 million.
The objectives behind these attacks are diverse: 53% reported spyware as the primary motive, while 48% cited ransomware. Phishing remains the most common attack vector, experienced by 59% of respondents, followed by web attacks (58%) and DDoS attacks (37%). Business email compromise and stolen credentials also posed significant threats, with 32% experiencing such incidents.
The report finds a high level of complexity in current cybersecurity solutions, with 49% of businesses using more than 11 different products. A significant 72% believe this complexity hampers effectiveness, yet 67% plan to increase the number of tools in the next year. Key challenges for cybersecurity decision-makers include consolidating and simplifying their security estates (48%), modernising applications (47%), and modernising networks (42%).
Though 44% are optimistic about Zero Trust's potential, 86% of respondents believe their leadership does not fully understand it. This lack of comprehension is seen as the biggest barrier to adoption, emphasised by the fact that only 25% have fully deployed Zero Trust network access solutions. Additionally, 58% stated that Zero Trust adoption is still in its initial stages.
A positive note from the report is that 54% of respondents expect their IT budget for cybersecurity to increase next year. Around 25% anticipate cybersecurity will account for at least 20% of their IT spend. Of those expecting a budget increase, 66% foresee a rise of over 10%. Primary determinants for budget allocation are the number of incidents experienced (34%) and the cost of addressing them (20%).
Organisations are dealing with increasing cybersecurity challenges, balancing operational efficiency, regulatory compliance, and sustained productivity amidst rising incidents. Andy Lockhart, Head of EMEA at Cloudflare, remarked, "This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of 'any-to-any' cloud platforms, creating catalysts for innovation and growth."