On April 5, 2023, Bitdefender, a global cybersecurity company, released its 2023 Cybersecurity Assessment Report based on an independent survey and analysis of IT and security managers. The survey consisted of over 400 IT and security professionals from companies with 1,000 or more employees in various regions, including France, Germany, Italy, Spain, the United Kingdom, and the United States. The report reveals the top security concerns, practices, and challenges faced by businesses across their environments.
One of the report's alarming findings is that over 42% of IT and security professionals surveyed have been told to keep a breach confidential when they knew it should be reported, and 30% have kept a breach confidential. In the U.S., 71% of IT and security professionals have been told to keep quiet, followed by the U.K. at 44%, Italy at 36.7%, Germany at 35.3%, Spain at 34.8%, and France at 26.8%.
The report also highlights that more than half of the businesses surveyed suffered a breach in the last 12 months, with the U.S. leading at 75%, followed by the U.K. at 51.4%, and Germany at 48.5%. Respondents revealed that software vulnerabilities and/or zero-day threats are the top security threats that concern them the most (53%), followed by phishing/social engineering threats (52%) and attacks targeting the supply chain (49%). The report notes that cybercriminals exploit known software vulnerabilities using proof of concept attacks, which correlates with Bitdefender Labs' research.
The top challenges faced by IT and security professionals surveyed are extending cybersecurity capabilities across multiple environments (43%) and the complexity of security solutions (43%), sharing the first place. Lack of security skill set to drive total value came in as a solid second at 36%. Italy and France cited a lack of security skill set as their biggest challenge at 49% and 45%.
The report also reveals that almost all respondents (99%) consider using a managed security provider, such as a managed detection and response service, as a critical element of their security programs. Respondents' top reasons for using managed security providers include having 24x7 security coverage (45%), followed by the ability to free up internal IT/cybersecurity resources (35%). Ninety-three percent of respondents identified proactive threat hunting as necessary.
In conclusion, the report underscores the importance of layered security that delivers advanced threat prevention, detection, and response across the entire business while improving efficiencies that allow security teams to do more with less. The report emphasizes the need for organizations to manage a broader set of their security exposures, including the increasing attack surface due to new hybrid work, accelerating use of cloud infrastructure and applications, more interconnected supply chains, expanding public-facing digital assets, and expanding IoT exposures.
In our blog, we post technology-related articles weekly. Follow us on Facebook and Instagram to get notifications about updates.
