The threat situation posed by cyber attacks has intensified further since the beginning of 2023. This is shown by the results of our study "From Cyber Security to Cyber Resilience". Security managers from 150 companies in Germany, Austria and Switzerland were surveyed for this study.
Increased cyber threat situation: Financial companies particularly hard hit
82 per cent of the companies surveyed reported an increase in threats compared to the start of the year, with this figure rising to 90 per cent for financial service providers.
Phishing attacks, the geopolitical situation and advancing digitalisation were identified as the main causes of the threats. 71 per cent of companies continue to see a significant risk from phishing campaigns and ransomware over the next two years.
Insider threats as the new top risk
The majority of companies identify the disclosure of data by employees as a new top risk. 65 per cent of respondents see a high risk potential in insider threats.
These are the biggest fields of action in the area of cloud security
Companies identify encryption and data protection as well as the protection of digital identities and access control as the biggest areas of action in the field of cloud security.
Many institutions see risks in their cloud migration. However, if implemented correctly, the cloud offers great security. Security by design supports the transformation.
Dr. Michael Falk
Partner, Consulting, Cyber Security
KPMG AG Wirtschaftsprüfungsgesellschaft
Christian Nern
Partner, Financial Services, Head of Cyber Security Solution
KPMG AG Wirtschaftsprüfungsgesellschaft
Internal security processes and AI: how companies are arming themselves
59 per cent of cyber attack victims are shifting more security processes in-house in order to take greater responsibility for cyber security themselves and not just delegate it to external IT service providers, who cannot usually be held liable.
Companies are increasingly relying on artificial intelligence to equip themselves technically for the methods used by hackers and to install defence mechanisms. For example, AI can help companies to uncover vulnerabilities and analyse a wealth of data. But AI knows no law or morality: both attackers and defenders use it to increase efficiency and reduce the costs of their activities.
Cyber security is about investing wisely and purposefully while finding cost-effective ways to improve security.
Investment topics for the coming years
Companies will increasingly invest in vulnerability management in the coming years. However, cloud security, identity & access management including PAM and security incident and event management are also seen as important investment topics in the coming years.
Cyber security: what companies should do now
It is important to make the transition from IT security to cyber security and ultimately achieve effective cyber resilience. 89 per cent of the companies surveyed recognised that it is important to gain transparency about the threat situation. To achieve this, more focus should be placed on the assessment of cyber risks. Knowledge of potential attack vectors is becoming crucial.
All detailed industry analyses and specific recommendations for action to increase cyber resilience can be found in our study.
