Like other kinds of debt, cybersecurity debt only gets worse over time if you don’t address it. The unpatched software vulnerabilities, unmanaged devices, shadow IT, and insecure network protocols won’t just go away on their own. And, like other debts, it eventually comes due. But it won’t be a bank or even a shady loan shark who asks you to pay up. It’ll be a ransomware gang or a state-backed hacking group.
Escape the Cybersecurity Debt Spiral
In the second edition of the Global Cyber Confidence Index, ExtraHop worked with Wakefield Research to survey 950 IT decision makers from the U.S., Europe, and Asia-Pacific about their security practices and postures, experiences with ransomware, and confidence in their organization’s security measures. The results may surprise you.
Over three-quarters of respondents said that outdated cybersecurity practices have contributed to at least half of the cybersecurity incidents they’ve faced. But how many incidents is that, exactly? We found that the average number of ransomware incidents organizations face is on the rise. In 2021, organizations experienced four attacks over five years, on average. By 2022, that figure reached four over the course of one year. That’s alarming.
Cybercriminals and state-backed actors have made a lucrative trade out of capitalizing on organizations’ cybersecurity debt. We found that 83% of survey respondents have paid a ransom at least once. Worse still, 52% pay the ransom most or all of the time; that’s up 12% from 2021. When you factor in the size of the average ransom payment ($925,000, according to Palo Alto Networks Unit 42) and the fact that many ransom-takers leave backdoors so they can strike again and again, the cost of cybersecurity debt starts spiraling fast.
You’d think that, with all this in mind, more organizations would be working to pay down their cybersecurity debt. But that’s not what our research shows. Fewer than one-third of respondents have urgent plans to address outdated security practices.
Starting to think it’d be a good idea to pay down your cybersecurity debt? Read the full 2023 Global Cyber Confidence Index report to learn the leading causes of cyber debt and how you can start remediating it.