Businesses lost 9% of revenue from cyber attacks in 2022

Fastly, Inc., a leader in global edge cloud platforms, has today launched its new annual global cybersecurity report, uncovering the staggering impacts of cyber attacks on leading businesses across the globe, with each of these suffering an average of 46 known cyber attacks this year. This survey also reveals the hugely damaging financial effects of security breaches, with businesses losing 9% of their revenue over the last 12 months as a direct result of the cyber attacks they have suffered. But financial damage is not the only result of cyber attacks. Businesses also highlighted network outages (34%), data loss (29%), web applications being taken offline (24%) and customer account compromises (22%) as the most common damages caused by security breaches.

Sean Leach, VP Technology at Fastly, explained why these cyber attacks are so damaging: “While the immediate results of a cyber attack can be extremely damaging, what really hits businesses hard is the time it takes them to recover from these. On average, it will take businesses 7.5 months to recover from the loss of client trust as a result of a cyber attack. That is highly sobering for organizations which cannot afford to lose business in today’s economic climate. Once trust is broken, it’s very difficult to recover. This means a single cyber attack - particularly one resulting in a customer data breach - will have long-term impacts on the business that suffers it. During an uncertain economy, the long-term financial consequences of suffering a security breach cannot be ignored.”

In recognition of the financial implications of not having the correct security infrastructure in place, businesses are reevaluating their investments, with 76% planning to increase their cybersecurity budgets in the next year. Despite this increase, uncertainty continues to reign in security teams, with 35% of security professionals feeling they spent too much on cybersecurity tools in the last 12 months, compared to 18% who feel they did not spend enough. Representative of this conflicted spending strategy is the fact that only 55% of security tools are being fully deployed, representing significant money left on the table in the fight against cyber criminals.

The diminishing talent pool in security is also causing issues. In fact 30% of cybersecurity professionals estimate that security issues in the last 12 months were caused by the talent shortage, with 33% predicting this will continue in the next 12 months. Accordingly, over the past year 47% of businesses have increased their talent-specific budgets to solve the problems presented by the existing talent pool. A lack of experience dealing with new threats (46%), a lack of necessary skills (36%), and an inability to work at scale (36%) are seen by security professionals to be the core challenges facing the talent pool, which have significantly complicated the hiring process.

One potential solution to these challenges is Generative AI, which 51% of security professionals are expected to invest in over the next two years. This is also the top security priority for businesses over the next 12 months, with 37% focussing on AI security. This increased prioritization comes as a result of the double-edged sword Generative AI presents. On one hand, it is predicted to be the 2nd most prevalent threat driver in the next year, but on the other, in the same time period 75% of cybersecurity professionals estimate Generative AI’s impact will be positive.

Leach added: “Despite now prioritizing the resolution of challenges related to the talent pool for the last two years, many businesses continue to try to address these by simply spending more. While this strategy can help businesses to secure the top talent, it ignores the technological developments - and alternative solutions - that can help security teams overcome their personnel challenges. Among these, we’ve seen that Managed Security Services (MSS) and Generative AI have been particular focus areas as businesses look to reduce the toil for their in-house security teams by taking time-consuming work off their hands to increase productivity, unlock new opportunities for innovation and ensure businesses are better protected across their attack surface.”