63 percent of organisations suffered a cybersecurity breach in 2021

Cybersecurity is a looming threat over organisations with a new report stating last year 63 percent of businesses were breached.

The Forrester report, the 2021 State of Enterprise Breaches explained in the past 12 months organisations were breached an average of three times.

The authors explained, “It’s not surprising that this was less than in the previous year, given the shift to remote work during the COVID-19 pandemic. However, more organisations were breached globally than in the previous year at 59 percent. Regions that hesitated to address challenges with business alignment were breached at a higher rate than those that addressed such challenges early on.”

Enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach, the authors said.

Globally, organisations took a median of 27 days to find an adversary and eradicate an attack, while organisations that had a lack of adequate incident and crisis response preparation took a median of 35 days.

Organisations took a median of 10 days to recover from a breach, while those that had a lack of adequate incident and crisis response preparation took a median of 11 days to recover.

According to Forrester, it also cost organisations a global mean of $2.4 million in total per breach, while it cost organisations that had a lack of adequate incident and crisis response preparation a mean of $3 million.

Security leaders are more concerned about external attacks than any other attack vendor, Forrester said. While this may be the case, breaches come in various ways and are much more evenly spread in frequency among external attacks, lost/stolen assets, internal incidents, and third-party providers

In APAC, Forrester explains organisations had issues getting the right security platforms and therefore suffered more attacks. In 2021, 68 percent of respondents in APAC stated they had at least one breach in the past 12 months, compared to 63 percent globally.

According to the authors, this is a big change from 2020, when Asia Pacific experienced breaches much more on par with the rest of the world, at 61 percent and 59 percent, respectively.

“There are several reasons for this: a renewed focus on APAC following the COVID-19 pandemic; 28 percent of security decision-makers at breached enterprises in APAC in 2021 struggling to convince the organisation of the business value of security purchases (8 percentage points higher than the global number).

“Ineffective detection technologies (cited by 30 percent of security decision-makers at breached enterprises in APAC as one of their top challenges, compared to 22 percent globally).”

Those organisations that had a threadbare incident and crisis response preparation took longer to recover from breaches and found them more costly.

“Having defined steps written down, known, and tested prior to an incident, along with an incident response retainer, speeds response time and improves the completeness of response. Preparedness is crucial in this effort, especially when recovery is measured in days. Some of this may have been hastened by regulatory requirements, as shown by the varying results at different regions,” the authors said.