CSO Global Intelligence Report: The State of Cybersecurity in 2021

Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.

Unsurprisingly, half of those surveyed said they had seen an increase in security incidents at their organizations over the past year. What stands out is the extent of the harm: Nearly half of those attacked reported seeing economic damage, a loss of productivity, and theft of PII (personally identifiable information). No less than 28% said intellectual property had been stolen.

Most shocking of all: 15% of respondents who had been attacked experienced a full shutdown of their business and 12% admitted to suffering “massive” economic impact. The survey also found that 60% of organizations in the utilities sector endured economic damage from a cyberattack, the highest of any industry segment. Utilities and energy companies were also most likely to report intellectual property theft, at 43%. Wholesale and retail companies were most likely to report loss of PII, at 58%.

The global nature of the survey offered additional insight. Organizations based in the U.S. and Canada were the most likely to report an increase in incidents (53%), followed by the Asia-Pacific region (50%), Europe and Middle East (48%), Latin America, and Africa (each at 42%).

No matter where they reside, though, the survey’s respondents believed there’s no letup in sight. For example, a full 62% of respondents anticipated that a financially driven attack on their organization, such as ransomware, will occur over the next 12 months.

So how do organizations plan to respond? To begin with, by spending more: 71% of organizations expect to increase their security budget this year. The top spending priority was, naturally, “attack prevention,” at 43%. Cloud security came in second at 36%, with data privacy and network security tied for third at 35%. Companies in financial services, transportation, and technology were most likely to report an increase of more than 10% in their IT security budget in 2021.

The most disappointing part of the survey involved security awareness. Only half of respondents said that mandatory IT security training or awareness programs had been in place for all users “for some time now,” with an additional 20% saying that initiative had just been introduced. Despite variations in the efficacy of such programs, they’re an absolutely essential part of modern cybersecurity defenses.

Nonetheless, as The State of Cybersecurity in 2021 reveals, for the most part organizations appear to be doubling down on their defenses. They have no choice given the damage that has already been wrought. Cybersecurity is not a battle that can be won, just fought continually, and around the globe there’s an acute understanding of the monumental risk should organizations fail to commit the necessary resources to the fight.