There’s a new kid on the block in the cybersecurity research sphere. The Cyentia Institute, a dedicated research center, has just released the third edition of its annual Information Risk Insights Study, abbreviated to IRIS.
With support from the Cybersecurity and Infrastructure Security Agency (CISA), this year the study was bigger than ever, combining insights from 77,000 cyber events, $57 billion in reported losses, and 72 billion compromised records.
Whatever the size of your organization or the sector, IRIS is a treasure trove of valuable information that you can use to inform your cyber risk management strategy.
As with all global in-depth studies, though, it’s a pretty intense, data-laden read. So, we’ve distilled the key insights from IRIS into a handy TL;DR version for you.
What is the Information Risk Insights Study?
IRIS is a global study that aims to help organizations dispel the fear and uncertainty that typically surround cyber risk management decisions. As Cynetia notes in its introduction:
“Reliable data about the frequency and impact of cyber events has historically been difficult to obtain. This presents a serious challenge for decision makers, causing many to fall back on subjective judgments and qualitative ratings. Our study yields objective data. We hope it helps many teams escape the qualitative quagmire of information risk assessments.”
What are the key findings from this year’s study?
Cybersecurity incidents are becoming more frequent
So, what has IRIS uncovered in 2022? Find out below..
An integral aspect of cyber risk management is assessing the probability of risks becoming actuality. To help organizations do this intelligently, IRIS looked at the frequency of cybersecurity incidents over the last 10 years.
It found that “the geometric mean of the monthly incident count in 2012–2013 was 496 compared to 718 for 2020–2021”. This is an increase of an astonishing 44.7% over the last 10 years. In other words, security incidents are becoming more frequent and commonplace. As many organizations have realized, cyber-attacks and data leakage aren’t unlikely threats anymore. It’s now more a case of when, not if.
Healthcare and Finance sectors experience the most incidents
While data about incident frequency is undeniably useful, it only goes so far. What’s even more valuable for risk managers is to be able discern the level of risk their sector faces specifically. Enter key finding number two.
As the report notes and the graph below shows, Healthcare, Financial, and Public
organizations experienced the most attacks, with the first two sectors suffering 76x more incidents than Mining and Agriculture.
As well as different industries suffering a varying proportion of incidents, the cost of these attacks also varies widely between sectors. The research found that typical losses range from a low $3 million in the agriculture sector to over $177 million in transportation.
Large organizations and SMBs are equally at risk
The SMB mindset of ‘a cyber attack won’t happen to me’ is disproved in this research. While large companies are over 30x more likely to suffer multiple security incidents in a single year than smaller ones, the impact of a singular security incident on an SMB tends to be much greater, even though the frequency is less.
You see, the research found that SMBs were the victims in 89% of cyber loss incidents over 10% of annual review. As the research summarizes: “A $10B enterprise hit with the typical loss amount for that can expect a cost that represents 0.00516% of annual revenues. A small shop that brings in $100K per year could lose nearly its entire annual earnings in a typical loss event!”
All of this is to say that SMBs and large organizations must take cybersecurity seriously in equal measure. It takes just one attack to cause absolute chaos and lost revenue. Proactive defense is paramount.
System intrusions are the biggest threat to organizations
It’s hugely valuable for risk managers and security administrators to know how security incidents happen. The research found that the most successful attack type is system intrusion, which accounts for roughly half of events and half of financial losses over the past ten years.
System intrusions are defined as “attempts to compromise systems, applications, or networks by subverting logical access controls, elevating privileges, deploying malware, and so on.”
Closely following system intrusions is accidental disclosure at number two. This refers to incidents where employees, partners and suppliers accidentally expose or leak sensitive data.
The best way to defend against both of these risks is by deploying data loss prevention (DLP). DLP is a solution that continuously monitors, identifies and classifies data, ensuring it is protected with adequate controls 24/7 and only authorized by verified employees.
Account compromise and phishing are hackers favorite tactics
The research shows that phishing and compromising valid accounts are cybercriminals’ favorite techniques across industries. With the rise of cloud applications, compromised accounts are especially an issue.
If an attacker gets their hands on your employee’s cloud account details, they could potentially log-in from anywhere – unless you have the right detection tools in place.
Polymer DLP: Risk management made simple
Managing a plethora of evolving cybersecurity risks is undoubtedly a tough job, but it can be made much easier with the right tools. That’s where Polymer DLP comes in. Our intelligent, self-learning cloud DLP tool combats the risks of system intrusions and accidental data leakage, keeping your information safe from compromise 24/7.
Try out Polymer DLP today with a free risk scan.