New Delhi: As global ransomware attacks surged 151 per cent in 2021, every organisation in the digital economy faced 270 cyberattacks on average, with each successful breach costing the company Rs 27 crore ($3.6 million), said a World Economic Forum (WEF) survey report published Tuesday.
Such events adversely affected the average share price of the hacked firm on the US NASDAQ index by -3 per cent even six months after the event, said the WEF report titled Global Cybersecurity Outlook 2022.
Companies, on average, need 280 days to identify and respond to a cyberattack, making the cost of a breach more “troubling”, it added.
The findings are based on a survey of 120 cyber leaders from 20 countries over 2021 across the world. The WEF Centre for Cybersecurity held the survey in collaboration with consultancy firm Accenture. In addition to the survey, information was gathered through a series of ‘Cyber Outlook’ sessions, interviews and ‘bilateral meetings’, and data from WEF reports, research and articles and third parties.
Ransomware attacks top concern
The WEF report said cybercrime rose after the Covid-19 pandemic struck. “The global digital economy has surged off the back of the Covid-19 pandemic, but so has cybercrime — ransomware attacks rose 151 per cent in 2021,” said the report.
“Ransomware attacks saw a significant increase in the first six months of 2021,” it said, adding that cyberattacks per organisation rose 31 per cent in 2021 as compared to 2020.
Ransomware is the topmost concern for organisations when it comes to cyberattacks, followed by ‘social engineering’ (such as through phishing emails), and malicious insider activity, the survey found.
“The rise of supply chain threats and escalating ransomware attacks are the most pressing cyber challenges the international community needs to address,” the WEF report quoted David Koh, commissioner of cybersecurity and chief executive of The Cyber Security Agency of Singapore, as saying.
“Looking ahead to 2022-2023, cybersecurity must be seen as a strategic business issue that impacts decision-making,” added Nancy Luquette, executive vice president and chief risk and compliance officer of S&P Global, an American firm dealing in market intelligence.
Cyber resilience important now
The WEF report also stressed that cybersecurity is no longer enough and cyber resilience is what’s important, since it can take as long as 10 months to detect a security breach, by which time, financial damage to the company is considerable.
“We are at a crossroads, a point at which cyber resilience has become the defining mandate of our time — beyond foundational security controls — to anticipate future threats, withstand, recover from cyberattacks, and adapt to likely future digital shocks,” said WEF Cybersecurity Strategy Lead Algirde Pipikaite.
The report cited some of the common practices used to develop cyber resilience such as insurance against such incidents, with 71 per cent of respondents saying they have cyber insurance to limit financial liability.
The cyber insurance market is changing with the average premium increasing by 180 per cent in 2021 due to rising volume of ransomware attacks, the report noted.
(Edited by Amit Upadhyaya)