Please fill in the form below to subscribe to our blog

Cyberattack Woes Lead to Costly Downtime and Lost Revenue for Half of Businesses

December 01, 2023

See some of the results of the Kaseya Security Survey Report 2023


Businesses encounter a multitude of cyber threats daily, and those threats can have serious and expensive consequences. From the rising tide of sophisticated cyber attacks to the increasing importance of safeguarding sensitive data, businesses have to navigate tumultuous seas filled with hungry cyber sharks every day, and the pressure is only growing. To survive, businesses must invest in robust security to secure their digital future. In the Kaseya Security Survey Report 2023, we polled 3,066 IT professionals from around the world to find out about their cybersecurity challenges including the attack vectors they worry about, their experiences with cybercrime, and the financial cost of falling victim to a cyberattack.  


KAS_eBook-Cybersecurity-Survey-2023_Resource

See the challenges companies face & how they’re overcoming them in our Kaseya Security Survey Report 2023 DOWNLOAD IT>>


One-quarter of respondents point to email as their top attack vector 


When considering the vector through which their organization might suffer a successful cyberattack, one-quarter of our respondents chose email, highlighting the importance of having powerful, layered email security solutions in place to minimize risk. Nearly another one-quarter of survey respondents said that they consider endpoints to be their most vulnerable vector (23%). It is interesting to note that 22% of respondents chose a people-related vector, human error or insider threat, as the most likely conduit for a successful cyberattack against their employer. This result reinforces the importance of security awareness training for every employee. Education and training dramatically reduce a company’s risk of falling prey to a cybersecurity incident. 

Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?  

Attack Vector Response 
Email 25% 
Human error (social engineering, distraction) 16% 
Endpoint (server) 12% 
Endpoint (laptop) 11% 
Cloud 10% 
Network 8% 
Insider threats 6% 
Supply chain 5% 
Unpatched systems (Zero-day attacks) 5% 
None 2% 

Source: Kaseya Security Survey Report 2023


Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>


75% of respondents expect a phishing attack in 2024 


Most of today’s most dangerous and devastating cyberattacks, like ransomware and BEC, typically start with phishing. Unfortunately, most of our survey respondents said they believe their organization is likely to fall victim to a phishing attack in the next year (80%). Now is the time to take measures, such as improving email security and educating users through phishing simulations, to prevent that attack from landing.

What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months? 

Likelihood of falling victim to a phishing attack Response 
Somewhat likely 50% 
Very likely 24% 
Not very likely 17% 
Extremely likely 6% 
Not at all likely 3% 

Source: Kaseya Security Survey Report 2023


a red fish hook on dark blue semitransparent background superimposed over an image of a caucasian man's hands typing on a laptop in shades of blue gray

Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>


Over half of the organizations surveyed have experienced a supply chain attack 


Supply chain cyberattacks have been the story of the year in 2023, with more than 600 businesses worldwide impacted by the MOVEit file transfer exploit. The majority of our survey respondents (61%) said their organization experienced a cyberattack through their supply chain or a third-party service provider. Supply chain cyberattacks are expected to be a continued problem for businesses as the world grows more interconnected.  

Have you experienced a supply chain attack through your supplier or service provider? 

Response Response 
Yes 61% 
No 33% 
I don’t know 6% 

Source: Kaseya Security Survey Report 2023


EDR represented by a rendering of connected devices

Learn how Datto EDR satisfies cyber insurance requirements for endpoint protection & EDR. DOWNLOAD REPORT>>


Ransomware is on IT professionals’ minds 


With the number and frequency of ransomware attacks growing constantly, it’s no surprise that most IT professionals expect their employers to fall victim to one. Over three-fifths of our survey respondents (64%) said that their company is likely to experience a successful ransomware attack in the next 12 months. More than half (53%) of our respondents indicated that a successful ransomware attack would have a significant impact on their organization. An unfortunate 17% said they believe their company is unlikely to survive a successful ransomware attack.  

Businesses must take every precaution to put themselves in the best possible position to recover from a ransomware attack. Having a BCDR solution, a ransomware-specific incident response plan and EDR with a ransomware rollback feature will go a long way toward mitigating disaster. 

What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?  

Likelihood of falling victim to a ransomware attack    Response    
Extremely likely  5%  
Very likely    22%    
Somewhat likely    37%    
Not very likely  28%    
Not at all likely    8%    

Source: Kaseya Security Survey Report 2023


Learn to defend against devastating cyber threats with A Comprehensive Guide to Email-based Cyberattacks. GET IT>>


Extensive downtime adds to cyberattack woes for some businesses 


One result of cybersecurity problems is costly downtime. Although over half of our respondents were able to get back to work quickly after a cybersecurity incident, reporting downtime of less than three days (65%), 14% said that their downtime was four days or more — an expensive proposition with long-term ramifications.  

If you’ve experienced a cybersecurity incident, what was your total downtime?  

Total Downtime Response 
A week or more 5% 
4 – 6 days 9% 
2 – 3 days 20% 
1 day 15% 
Less than 1 day 30% 
None – we didn’t have any downtime 10% 
We have not experienced a cybersecurity incident 5% 
I don’t know 2% 
Prefer not to answer 1% 
We did not recover 2% 

Source: Kaseya Security Survey Report 2023


Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>


Over half of respondents’ companies lost $50,000 or more in a cybersecurity incident 


Lost revenue, lost productivity and recovery expenses are three major reasons why businesses need to minimize cybersecurity incidents. 56% of respondents lost $50,000 or more in a cybersecurity incident. Scaling up, just over one-third of respondents (39%) lost $100,00 or more, and 21% lost a whopping $250,000 or more. In today’s challenging economy, no business can afford this kind of monetary loss, making high-quality cybersecurity safeguards mission-critical.  

If you’ve experienced a cybersecurity incident, what was the total cost to the business, including lost revenue, lost productivity and recovery? 

Total cost of cybersecurity incident    Response    
Less than $10,000    16%    
$10,000 to less than $50,000    17%  
$50,000 to less than $100,000    17%    
$100,000 to less than $250,000    18%    
$250,000 to less than $500,000  10%    
$500,000 to $1 million    7%  
$1 million or more  4%  
I don’t know    4%  
We have not experienced a cybersecurity incident   9%  

Source: Kaseya Security Survey Report 2023


What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>


Mitigating cyber risk is easy with Kaseya’s Security Suite


Kaseya’s Security Suite has the tools that MSPs and IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier.  

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.     

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.      

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.      

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).      

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.   

Learn more about our security products, or better yet, take the next step and book a demo today!