Arctic Wolf, a leader in security operations, has published findings from a recent global survey it commissioned of over 900 senior IT and cybersecurity decision-makers at enterprise organizations across the globe.

After a year of geopolitical and economic uncertainty, the survey data reveals executive attitudes on a wide array of cybersecurity and business issues entering 2023.

Arctic Wolf Survey Reveals Executives’ Lack Transparency and Accountability Around Cyber Incidents Amid Economic Uncertainty and Geopolitical Unrest

Key findings of the survey include:

Economic Uncertainty Is Having an Impact on Future CyberSecurity Investments

• A quarter (25%) of organizations have reduced headcount in their IT or security department in the last year. Only sales and marketing teams saw a higher rate (26%) of layoffs.
• Inflation is the top business concern entering 2023, with over half (53%) of organizations saying it is impacting their business. Over the same period last year, continued cyber attacks was the top concern among nearly two-thirds (63%) of executives, but now is only cited by 36% of leaders
• One-in-five businesses (21%) are not planning to increase their cybersecurity budget in 2023

Organizations are Plagued by Lack of Transparency and Accountability Around Cyber Incidents

• If an organization was to experience a breach, only 25% would disclose it to their customers, and just over half (52%) would disclose it to their own executive team
• Despite the uptick of supply-chain attacks globally in recent years, less than a third (23%) of business leaders in the technology and telecom industry would disclose an incident to organizations they provide services to
• Who gets the blame? 47% of respondents say they would place the blame for a breach on their cybersecurity or IT Team, while only 12% of executive leaders would take ownership themselves

Ransomware Takes a Backseat to Cloud and Business Email Compromise (BEC) Fears

• Fear of a cloud-based data breach is the top concern for IT decision-makers, with nearly half (48%) of respondents ranking it as the top area of concern
• Over half of enterprises (52%) surveyed admit to having experienced at least one major security event in the last year. Over a third of those companies experienced either a business email compromise (BEC) (36%) or a cloud breach (35%)
• Why the uptick in BEC attacks? In the last year, 44% of executive leaders claim to have gotten a malicious message on a social networking site like LinkedIn, while 41% claim to have received a text message or email impersonating another executive at their company

Russian Retaliation a Top-of-Mind Concern for Business Leaders

• 57% of respondents fear a cyber backlash from Russia if the Ukraine war finishes or slows, in revenge for sanctions
• Two-out-of-five (41%) IT decision-makers see Russia as the greatest source of threats targeting their businesses, with China being a distant second (26%). During the same period last year, China and Russia were seen equally as dangerous by security leaders.
• Over half of enterprises (57%) have pulled or reconsidered businesses operations in Russia and/or China due to cyber risks in the last year

“While a turbulent economic climate will have many executive leaders taking a long hard look at their budgets over the coming year, threat actors will certainly continue to invest in developing new tactics, techniques, and procedures with the end goal of executing cyber attacks,” said Ian McShane, VP of strategy, Arctic Wolf. “With over half of organizations experiencing a breach in the last year, it is no longer a matter of ‘if an incident occurs,’ it’s ‘when’. To defend against ransomware, BEC, and cloud-based attacks, executives must build their security culture from the top down and ensure business-wide accountability in protecting their customers, employees, and partners.

Research Method:

Commissioned by Arctic Wolf, the research surveyed over 900 senior IT decision-makers and business executives in the U.S., U.K., and Germany. The survey’s findings detail the attitudes and beliefs that cybersecurity decision-makers at enterprise organizations have on a wide array of cybersecurity and business issues.