Cyberattacks rise as security talent crunch prevails

Nearly two-thirds of organisations worldwide have seen an uptick in cyberattacks and about half experienced a breach, according to the State of Security 2022 report from Splunk.

The global survey was conducted from mid-January through mid-February 2022 and in partnership with the Enterprise Strategy Group. 

The 1,227 respondents, IT and security leaders and practitioners who spend more than half their time on security issues, were drawn from Australia, Canada, France, Germany, India, Japan, the Netherlands, New Zealand, Singapore, the United Kingdom and the United States.

Results show that 65% of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.

Nearly half (49%) of organisations say they have suffered a data breach over the past two years, an increase from 39% a year earlier.

About four-fifths (79%) of respondents say they’ve encountered ransomware attacks, and 35% admit that one or more of those attacks led them to lose access to data and systems.

A majority (54%) of respondents report that their business-critical applications have suffered from unplanned outages related to cybersecurity incidents on at least a monthly basis, with a median of 12 outages per year.

The median time to recover from unplanned downtime tied to cybersecurity incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour.

“This survey has revealed that organisations are deeply concerned about supply chain attacks, especially after the SolarWinds hacks of 2020 and the Log4Shell incident in late 2021,” said Ryan Kovar, Distinguished Security Strategist at Splunk. “Ninety percent of organisations reported that they have increased their focus on third-party risk assessments as a result of those high-profile attacks.”

As cybercriminals become more persistent and workloads increase, many organisations have been impacted by the “Great Resignation” and the additional security challenges of remote work. 

These factors have exacerbated the already ongoing talent shortage within the cybersecurity industry as 76% of respondents say their team members have been forced to take on responsibilities for which they are not ready.

Also, 70% say that the resulting increase in their workload has led them to consider looking for a new role.

Among respondents, 85% of respondents say it has gotten harder to recruit and retain talent over the past 12 month.

More than half (53%) say they can’t hire enough staff and 58% cite an inability to find talent with the right skills.

More than two-thirds (68%) of respondents report that talent shortages directly led to the failure of one or more projects/initiatives, and 73% of respondents say that workers have resigned, citing burnout.