Cyberattack Woes Lead to Costly Downtime and Lost Revenue for Half of Businesses
See some of the results of the Kaseya Security Survey Report 2023
Businesses encounter a multitude of cyber threats daily, and those threats can have serious and expensive consequences. From the rising tide of sophisticated cyber attacks to the increasing importance of safeguarding sensitive data, businesses have to navigate tumultuous seas filled with hungry cyber sharks every day, and the pressure is only growing. To survive, businesses must invest in robust security to secure their digital future. In the Kaseya Security Survey Report 2023, we polled 3,066 IT professionals from around the world to find out about their cybersecurity challenges including the attack vectors they worry about, their experiences with cybercrime, and the financial cost of falling victim to a cyberattack.
See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>
One-quarter of respondents point to email as their top attack vector
When considering the vector through which their organization might suffer a successful cyberattack, one-quarter of our respondents chose email, highlighting the importance of having powerful, layered email security solutions in place to minimize risk. Nearly another one-quarter of survey respondents said that they consider endpoints to be their most vulnerable vector (23%). It is interesting to note that 22% of respondents chose a people-related vector, human error or insider threat, as the most likely conduit for a successful cyberattack against their employer. This result reinforces the importance of security awareness training for every employee. Education and training dramatically reduce a company’s risk of falling prey to a cybersecurity incident.
Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?
Attack Vector | Response |
25% | |
Human error (social engineering, distraction) | 16% |
Endpoint (server) | 12% |
Endpoint (laptop) | 11% |
Cloud | 10% |
Network | 8% |
Insider threats | 6% |
Supply chain | 5% |
Unpatched systems (Zero-day attacks) | 5% |
None | 2% |
Source: Kaseya Security Survey Report 2023
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
75% of respondents expect a phishing attack in 2024
Most of today’s most dangerous and devastating cyberattacks, like ransomware and BEC, typically start with phishing. Unfortunately, most of our survey respondents said they believe their organization is likely to fall victim to a phishing attack in the next year (80%). Now is the time to take measures, such as improving email security and educating users through phishing simulations, to prevent that attack from landing.
What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months?
Likelihood of falling victim to a phishing attack | Response |
Somewhat likely | 50% |
Very likely | 24% |
Not very likely | 17% |
Extremely likely | 6% |
Not at all likely | 3% |
Source: Kaseya Security Survey Report 2023
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Over half of the organizations surveyed have experienced a supply chain attack
Supply chain cyberattacks have been the story of the year in 2023, with more than 600 businesses worldwide impacted by the MOVEit file transfer exploit. The majority of our survey respondents (61%) said their organization experienced a cyberattack through their supply chain or a third-party service provider. Supply chain cyberattacks are expected to be a continued problem for businesses as the world grows more interconnected.
Have you experienced a supply chain attack through your supplier or service provider?
Response | Response |
Yes | 61% |
No | 33% |
I don’t know | 6% |
Source: Kaseya Security Survey Report 2023
Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>
Ransomware is on IT professionals’ minds
With the number and frequency of ransomware attacks growing constantly, it’s no surprise that most IT professionals expect their employers to fall victim to one. Over three-fifths of our survey respondents (64%) said that their company is likely to experience a successful ransomware attack in the next 12 months. More than half (53%) of our respondents indicated that a successful ransomware attack would have a significant impact on their organization. An unfortunate 17% said they believe their company is unlikely to survive a successful ransomware attack.
Businesses must take every precaution to put themselves in the best possible position to recover from a ransomware attack. Having a BCDR solution, a ransomware-specific incident response plan and EDR with a ransomware rollback feature will go a long way toward mitigating disaster.
What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?
Likelihood of falling victim to a ransomware attack | Response |
Extremely likely | 5% |
Very likely | 22% |
Somewhat likely | 37% |
Not very likely | 28% |
Not at all likely | 8% |
Source: Kaseya Security Survey Report 2023
Extensive downtime adds to cyberattack woes for some businesses
One result of cybersecurity problems is costly downtime. Although over half of our respondents were able to get back to work quickly after a cybersecurity incident, reporting downtime of less than three days (65%), 14% said that their downtime was four days or more — an expensive proposition with long-term ramifications.
If you’ve experienced a cybersecurity incident, what was your total downtime?
Total Downtime | Response |
A week or more | 5% |
4 – 6 days | 9% |
2 – 3 days | 20% |
1 day | 15% |
Less than 1 day | 30% |
None – we didn’t have any downtime | 10% |
We have not experienced a cybersecurity incident | 5% |
I don’t know | 2% |
Prefer not to answer | 1% |
We did not recover | 2% |
Source: Kaseya Security Survey Report 2023
Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>
Over half of respondents’ companies lost $50,000 or more in a cybersecurity incident
Lost revenue, lost productivity and recovery expenses are three major reasons why businesses need to minimize cybersecurity incidents. 56% of respondents lost $50,000 or more in a cybersecurity incident. Scaling up, just over one-third of respondents (39%) lost $100,00 or more, and 21% lost a whopping $250,000 or more. In today’s challenging economy, no business can afford this kind of monetary loss, making high-quality cybersecurity safeguards mission-critical.
If you’ve experienced a cybersecurity incident, what was the total cost to the business, including lost revenue, lost productivity and recovery?
Total cost of cybersecurity incident | Response |
Less than $10,000 | 16% |
$10,000 to less than $50,000 | 17% |
$50,000 to less than $100,000 | 17% |
$100,000 to less than $250,000 | 18% |
$250,000 to less than $500,000 | 10% |
$500,000 to $1 million | 7% |
$1 million or more | 4% |
I don’t know | 4% |
We have not experienced a cybersecurity incident | 9% |
Source: Kaseya Security Survey Report 2023
What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>
Mitigating cyber risk is easy with Kaseya’s Security Suite
Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.
BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.
Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).
Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
Learn more about our security products, or better yet, take the next step and book a demo today!