The message is clear in a fresh survey of 2,741 security, IT, and business professionals around the world: The damage from attacks is widespread and organizations are increasing security budgets to fend off further impact. Credit: Rick Jo / Getty Images Any lingering indifference to cybersecurity risk has evaporated in the face of spiking ransomware attacks, software supply chain threats, and the challenges of securing remote workers. That’s the clear message of CSO’s Global Intelligence Report: The State of Cybersecurity in 2021, fielded via online survey in May and June of this year.Unsurprisingly, half of those surveyed said they had seen an increase in security incidents at their organizations over the past year. What stands out is the extent of the harm: Nearly half of those attacked reported seeing economic damage, a loss of productivity, and theft of PII (personally identifiable information). No less than 28% said intellectual property had been stolen. download CSO Global Intelligence Report: The State of Cybersecurity in 2021Download this survey of 2,741 security, IT, and business professionals around the world for a clear picture of global threats and security spending priorities. Most shocking of all: 15% of respondents who had been attacked experienced a full shutdown of their business and 12% admitted to suffering “massive” economic impact. The survey also found that 60% of organizations in the utilities sector endured economic damage from a cyberattack, the highest of any industry segment. Utilities and energy companies were also most likely to report intellectual property theft, at 43%. Wholesale and retail companies were most likely to report loss of PII, at 58%. The global nature of the survey offered additional insight. Organizations based in the U.S. and Canada were the most likely to report an increase in incidents (53%), followed by the Asia-Pacific region (50%), Europe and Middle East (48%), Latin America, and Africa (each at 42%). No matter where they reside, though, the survey’s respondents believed there’s no letup in sight. For example, a full 62% of respondents anticipated that a financially driven attack on their organization, such as ransomware, will occur over the next 12 months.So how do organizations plan to respond? To begin with, by spending more: 71% of organizations expect to increase their security budget this year. The top spending priority was, naturally, “attack prevention,” at 43%. Cloud security came in second at 36%, with data privacy and network security tied for third at 35%. Companies in financial services, transportation, and technology were most likely to report an increase of more than 10% in their IT security budget in 2021. The most disappointing part of the survey involved security awareness. Only half of respondents said that mandatory IT security training or awareness programs had been in place for all users “for some time now,” with an additional 20% saying that initiative had just been introduced. Despite variations in the efficacy of such programs, they’re an absolutely essential part of modern cybersecurity defenses.Nonetheless, as The State of Cybersecurity in 2021 reveals, for the most part organizations appear to be doubling down on their defenses. They have no choice given the damage that has already been wrought. Cybersecurity is not a battle that can be won, just fought continually, and around the globe there’s an acute understanding of the monumental risk should organizations fail to commit the necessary resources to the fight. Related content news Kroll cyber threat landscape report: AI assists attackers AI is simplifying all sorts of tasks — and not always for the better: cybercriminals, too, are adopting it. By Lynn Greiner May 24, 2024 4 mins Threat and Vulnerability Management Cybercrime Vulnerabilities news analysis Windows Recall — a ‘privacy nightmare’? The Windows AI feature announced by Microsoft this week quickly drew criticism for recording regular screenshots of a user’s screen; one security expert compared it to keylogging software. By Matthew Finnegan May 24, 2024 1 min Privacy feature What is spear phishing? Examples, tactics, and techniques Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack. By Josh Fruhlinger May 24, 2024 14 mins Phishing Cyberattacks Fraud news analysis Emerging ransomware groups on the rise: Who they are, how they operate New and developing ransomware gangs move to fill the void left by the shutdown and law enforcement disruption of big players, with differing tactics and targets. By Lucian Constantin May 24, 2024 6 mins Ransomware Cybercrime PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe