One in three companies faced at least one cybersecurity incident in 2022
Proximus has published its fourth annual cyber security report, conducted in collaboration with its affiliates Davinsi Labs, Proximus SpearIT, Telindus Luxembourg and Telindus Netherlands. According to the report, 32% of respondents confirmed to be aware of one or more cybersecurity incidents having occurred within their organization in 2022. Nearly half of these incidents came with a financial impact, and one third prevented employees from doing their job. The sense of urgency to reinforce cyber resilience seems to be growing: an increasing number of companies organize awareness trainings for their employees and over 20% have significantly boosted their cybersecurity budget in the past year.
For the 4th year in a row, Proximus surveyed how companies in Belgium, The Netherlands and Luxembourg deal with cybersecurity. More than 250 CEOs, CI(S)Os, and IT managers participated in this survey, which resulted in the research report The impact of cybersecurity on companies in the Benelux.
The report shows that 32% of respondents had to deal with a cybersecurity incident within their organization in 2022. In almost half of the cases, the incident is linked to an intentional attack. Social engineering (e.g. phishing), makes up the lion’s share of the attacks. Ransomware and malware, such as viruses, worms, and Trojan horses, complete the top 3. Among incidents with an accidental nature, unauthorized activities and data breached are most frequently reported.
The consequences for the affected companies are often severe. Thirty percent of the reported incidents resulted in employee downtime. Nearly one in two have a financial impact, with costs primarily linked to incident reporting, reduced productivity, and reputational damage.
Wouter VandenbusscheProduct Owner Cybersecurity at ProximusThe human factor in cybersecurity is still an underestimated risk. Most incidents nowadays still originate from a weakness in the human firewall. Attackers find it much easier to exploit the gullibility of users over the weaknesses in technical protections measures.
Increasing sense of urgency to reinforce awareness and response strategies
The frequency of incidents is significantly higher at large corporations with more than 2,000 employees (60%), compared to small and medium-sized companies (25%). The result shows that large organizations are more popular targets for cyber-attacks but could also point to better tracing. This seems to be confirmed by the differences in terms of attention paid to awareness raising. Among large companies (>250 employees), almost 80% organizes training to raise awareness around cyber threats at least once a year. Among SMEs, this is only 54%.
In general, around 80% of companies stated to have a cybersecurity strategy in place or in preparation. A detailed incident response procedure is in place or being developed in 7 out of 10 companies. The sense of urgency is higher among companies that experienced an incident in the past year.
The increased attention for cyber security is also reflected in the allocated budgets. Even in difficult budgetary times, over 1 in 5 participating companies boosted their cybersecurity budget by 20% or more in the past year. Large enterprises demonstrated the most substantial increase, with one in three respondents reporting a significant budget boost.
This report clearly shows that security is a major concern for both large and small organizations, not only because the frequency of cyber attacks continues to increase but also given the financial damage and operational impact cyber attacks can provoke. We notice that C-level decision makers of companies and institutions are increasing their budget to fight cyber threats and we expect this trend to continue. But it’s not just about money: information to and knowledge among employees to be able to detect malicious actions are key to a successful cybersecurity strategy. With our diverse team of specialists, supported by our ecosystem of security partners, Proximus is there to help business customers increase their cyber resilience.
