In this episode, I sit down with longtime industry researcher Wade Baker to dive into Cyentia's latest IRIS report. The report provides a data-driven look at incident trends, impacts, costs, and more.
Are cyber incidents becoming more or less frequent? Are specific industries doing better than others? What does the average incident impact actually look like?
Tune in to learn the answers, along with many other interesting insights!
Interested in sponsoring an issue of Resilient Cyber?
This includes reaching over 45,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives
Reach out below!
We walked through key findings:
The report found that the number of security incidents continue to climb YoY, which isn’t a surprise, although there has been peaks and valleys throughout various periods, note the huge uptick in 2021~
Similar to recent reports such as DBIR and M-Trends, application exploitation (e.g., system intrusion) is climbing. In contrast, methods such as physical threat and others have declined due to increased cloud adoption, virtual infrastructure, and so on.
One finding that may surprise some is that the proportion of incidents is going down for some organizations, particularly the largest enterprises, while it is going up for SMBs and smaller organizations. This ties to concepts such as the cybersecurity poverty line, which I have discussed in other articles, such as with
in our article “Lifting the world out of cybersecurity poverty.”This is likely due to factors such as large enterprise organizations having robust security teams, larger budgets, being able to afford the latest security tooling and more, while SMB’s often fail to have many of these and deal with resource constraints in both dollars and expertise.
We also see sectors which had historically low incidents now climbing, likely due to factors such as increased adoption of software and being digitally connected, as well as being a previously untapped sector for attackers
The probability of incidents is also climbing, being at just 2.5% is 2008 to now reaching nearly 10% in a given year
The reported losses also varies, as seen below:
It’s worth noting that the $603k median is likely driven by the fact that most incidents are impacting SMBs, who are smaller targets and have less financial potential in terms of impact.
The financial impact continues to grow, too. Hitting 15.20x for the 50th percentile of incidents and 4.75x for the 90th percentile
We walk through many more findings as well, so be sure to check out the full conversation as well as grab a copy of the report here for FREE!
Share this post