The vast majority of UK businesses have suffered data breaches over the past 12 months, many of them multiple times, according to new research from Carbon Black.
The endpoint security vendor’s second UK Threat Report is based on interviews with over 250 CIOs, CTOs and CISOs in the country from a range of industries.
Of the 88% of respondents that claimed to have been breached over the previous year, over a quarter had seen this happen five or more times. That’s an average of 3.7 breaches per organization — up from around 3.5% in last September’s report.
Unfortunately, 100% of government and local authority respondents said they’d been breached: five times or more for 40% of them. That amounts to an average of just under 4.7 breaches per public sector organization.
Some 87% of total respondents said they’d seen an increase in attack volumes, up from 82% in September, while 89% of respondents claimed that attacks had become more sophisticated.
Phishing attacks were the root cause of just 20% of successful breaches, a much lower figure than the 93% claimed by Verizon in its 2018 Data Breaches Investigations Report.
Malware (27%) was described as the most prolific attack type, followed by ransomware (15%).
Rick McElroy, head of security strategy for Carbon Black, claimed the findings prove cyber-attacks are escalating.
“The report suggests that the average number of breaches has increased, but as threat hunting strategies start to mature, we hope to see fewer attacks making it to full breach status,” he added.
Carbon Black defines a breach for the purposes of this research as “the release of secure or private and confidential information to an untrusted environment,” although a spokesman told Infosecurity that individual respondents may have different interpretations.
However, either way, the good news is that 93% of organizations surveyed said they plan to increase security spending. In addition, 60% said they are proactively threat hunting, an activity which 95% claimed has improved their security posture.