Half of firms unprepared for supply chain cyberattack
Europe encountering riskier threat landscape
Half of business leaders say their company is unprepared for a ransomware attack against critical third parties, with only 17% securing their supply chain over the past 12 months, according to a survey by cybersecurity firm VikingCloud.
VikingCloud says its survey of 170 business leaders in the US, UK and Ireland detects a “false sense of security”, with 75% claiming to be confident in their ability to detect and respond to cyberattacks overall. But there is much less confidence when it comes to the most urgent cyber risks, including attacks on third parties, phishing and ransomware.
Confidence in detecting and responding to cyberattacks is highest among US respondents at 83%, followed by UK respondents at 75%, and is far lower among Irish respondents at 51%.
But VikingCloud says the survey “uncovers an alarming disconnect between perceived and actual cybersecurity readiness”, which invites significant risk. Just 5% of the respondents say they have allocated additional budget to their cyber defence programmes in the past 12 months.
“Cyber leaders are confident in their overall cyber posture, but note major holes in their cyber defences when drilling down into specific vulnerabilities, threats, and attack methods,” VikingCloud says.
“While business leaders remain confident, the facts on the ground show that cybercriminals are advancing and innovating faster than their internal teams,” it adds.
The survey finds that 63% of UK respondents and 54% of Irish respondents say cybercriminals are more advanced than their internal teams.
“The frequency and severity of cyberattacks are increasing – yet most businesses remain unprepared. Between a growing talent shortage, cyber alert fatigue and new sophisticated attack methods, companies are more susceptible than ever,” a report on the survey says.
It goes on to warn that cyberattacks fuelled by AI are troubling business leaders, with 53% of all companies agreeing that emerging AI attack methods create new attack points that they are unprepared to deal with. VikingCloud says a third of all companies have still not trained their team on GenAI-related cyber risks.
Almost half (46%) said generative AI used to prompt hacking was the biggest threat, followed by large language model data poisoning (38%).
The survey finds cyberattacks across all three surveyed regions have increased, with frequency up 49% and severity up 43% over the past 12 months. But respondents in Ireland reported far higher increases in frequency of attacks (74%), while 60% of respondents in both the UK and Ireland said cyberattacks had become more severe, two times higher than US respondents at 29%.
“Europe appears to be encountering a riskier threat landscape,” VikingCloud says.
The survey finds that the majority of companies do not routinely practise incident response, with 58% carrying out drills only quarterly or annually. Further, it finds that 40% of cyber teams have intentionally not reported cyber incidents because they feared losing their jobs. Non-disclosure is highest in Ireland, the survey finds, at 54%, compared with 32% in the US.
“This research disclosure signifies a serious underreporting of cyber global breaches – which is alarming given the already record-high levels of reported incidents in 2023, which is only expected to grow in 2024,” VikingCloud says. “This lack of transparency is also concerning because cyber leaders do not have the full picture of their own cyber posture.”