
      Cyberattacks on companies have been making headlines more and more frequently, and this is not just a matter of perception. The threat level has in fact risen since the coronavirus pandemic due to rapid developments in digitalisation. How are companies positioned in terms of securing their networks? What consequences does the increasing cloud transformation have for threat defence? And which security areas are currently receiving the most investment?

      100 people responsible for IT security surveyed

      Detailed answers can be found in the study "From Cyber Security to Cyber Resilience", which KPMG has compiled in cooperation with the market research and consulting firm Lünendonk. The report provides a comprehensive overview of the status quo in various industries. 100 people responsible for IT security were interviewed by telephone.

      DDoS attacks worry companies

      84 per cent of companies have observed a rise in the threat level compared to 2022. The reasons given are increasing process digitalisation, more professional hacker organisations and the geopolitical situation. In 2023, concerns about hacker attacks in the form of DDoS (Distributed Denial of Service) attacks have also increased significantly compared to 2022. The current top risks are phishing campaigns and ransomware. For every second company, keeping pace with the methods of criminals and with technological progress is a major challenge.

      How companies currently assess their own security capabilities

      Despite increased cyber threats, nine out of ten companies rate their ability to recognise and fend off cyber attacks at an early stage as high. This may be due to the fact that many attacks are not even recognised. The sense of security seems deceptive.

      One of the biggest risks of IT systems being compromised comes from digital identities. However, only one in four companies has a privileged access management (PAM) system in place to protect digital identities. Only one in three companies has a centralised SIEM (Security Incident and Event Management) in place to carry out security monitoring.

      Increasing number of companies are focussing on IT system audits

      An improvement can be seen in the measurement of the security status. For example, 41 per cent of companies regularly review their IT systems using external gap analyses (audits). At 36 per cent, significantly fewer companies did this in 2022. The proportion of companies that regularly measure their cyber security status based on KPIs has also increased: from 68 per cent (2022) to currently 72 per cent.

      Cloud security and AI-supported cyber defence move into focus

      Nine out of ten companies intend to invest in vulnerability management, identity & access management, security monitoring and business continuity in 2023 and 2024. Investment plans show a significant increase in the areas of data centre security, AI-supported cyber defence and cloud security.

      Cloud security is moving up the agenda overall. Companies that pursue a cloud-first strategy are working more frequently with external service providers. This is because it is not only high compliance and security requirements that cause problems, but also costs and a shortage of skilled labour. IT department resources are often inadequate, and clouds are seen as "secure premium applications straight out of the socket". An integrated security operating model is necessary for risk management.

      It is striking that a large proportion of those companies that are investing more in cloud security are also investing in endpoint security and PAM. By contrast, companies that invest more in data centre security also place a strong focus on identity & access management and security monitoring.


      How do companies assess the threat situation, and how well prepared is IT for the dangers? Our report provides the answers.

