The message is clear in a fresh survey of 2,741 security, IT, and business professionals around the world: The damage from attacks is widespread and organizations are increasing security budgets to fend off further impact. Credit: Rick Jo / Getty Images Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.Unsurprisingly, half of those surveyed said they had seen an increase in security incidents at their organizations over the past year. What stands out is the extent of the harm: Nearly half of those attacked reported seeing economic damage, a loss of productivity, and theft of PII (personally identifiable information). No less than 28% said intellectual property had been stolen. download CSO Global Intelligence Report: The State of Cybersecurity in 2021Download this survey of 2,741 security, IT, and business professionals around the world for a clear picture of global threats and security spending priorities. Most shocking of all: 15% of respondents who had been attacked experienced a full shutdown of their business and 12% admitted to suffering “massive” economic impact. The survey also found that 60% of organizations in the utilities sector endured economic damage from a cyberattack, the highest of any industry segment. Utilities and energy companies were also most likely to report intellectual property theft, at 43%. Wholesale and retail companies were most likely to report loss of PII, at 58%. The global nature of the survey offered additional insight. Organizations based in the U.S. and Canada were the most likely to report an increase in incidents (53%), followed by the Asia-Pacific region (50%), Europe and Middle East (48%), Latin America, and Africa (each at 42%). No matter where they reside, though, the survey’s respondents believed there’s no letup in sight. For example, a full 62% of respondents anticipated that a financially driven attack on their organization, such as ransomware, will occur over the next 12 months.So how do organizations plan to respond? To begin with, by spending more: 71% of organizations expect to increase their security budget this year. The top spending priority was, naturally, “attack prevention,” at 43%. Cloud security came in second at 36%, with data privacy and network security tied for third at 35%. Companies in financial services, transportation, and technology were most likely to report an increase of more than 10% in their IT security budget in 2021. The most disappointing part of the survey involved security awareness. Only half of respondents said that mandatory IT security training or awareness programs had been in place for all users “for some time now,” with an additional 20% saying that initiative had just been introduced. Despite variations in the efficacy of such programs, they’re an absolutely essential part of modern cybersecurity defenses.Nonetheless, as The State of Cybersecurity in 2021 reveals, for the most part organizations appear to be doubling down on their defenses. They have no choice given the damage that has already been wrought. Cybersecurity is not a battle that can be won, just fought continually, and around the globe there’s an acute understanding of the monumental risk should organizations fail to commit the necessary resources to the fight. Related content news Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials A now-patched Windows Print Spooler flaw was used by Forest Blizzard to drop the privilege-elevating malware for credential stealing and persistence. By Shweta Sharma Apr 23, 2024 3 mins Malware Windows Security feature Top 10 physical security considerations for CISOs Securing premises and devices from physical attacks can be just as challenging as defending against cyber threats, collaboration and communication with all teams involved is the key to success. By Ericka Chickowski Apr 23, 2024 14 mins Critical Infrastructure Security Infrastructure Security opinion Microsoft’s mea culpa moment: how it should face up to the CSRB’s critical report What should happen in the wake of the CSRB’s Microsoft report? This former security industry analyst has some suggestions. By Jon Oltsik Apr 23, 2024 4 mins Windows Security Security Practices Vulnerabilities news analysis More attacks target recently patched critical flaw in Palo Alto Networks firewalls The vulnerability found in GlobalProtect could be exploited to gain access to corporate networks and has seen a rise in compromise attempts despite being patched. By Lucian Constantin Apr 22, 2024 5 mins Threat and Vulnerability Management Zero-day vulnerability Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe