That increased awareness has varying levels of impact on respondents’ cyber warfare preparedness, as preliminary findings suggest
In a survey of more than 6,000 IT and security professionals firms with more than 100 employees in the UK, USA, Spain, Portugal, France, Italy, Germany, Austria, Switzerland, Australia, Singapore, Japan, the Netherlands, and Denmark on the state of cyber warfare, preliminary findings suggest that more people were seeing more threats of cyber warfare as a result of the war in Ukraine, evident from the increased threat activity experienced on theirs network between May 2022 and October 2022 when compared to the six months prior.
Representing the Asia Pacific and Japan region (APJ) were around 500 respondents each from Australia, Japan and Singapore.
The survey report asserts that the Russian invasion of Ukraine has not only tragically upended the lives of countless people in a sovereign nation, but it is also causing geopolitical shockwaves of cyber warfare that will reverberate for the foreseeable future: “Today’s cyber targets extend well beyond governments; any organization is a potential victim, with critical infrastructure and high-value entities at the top of the list,” according to the press release.
Key findings
In the data, 33% of global respondents were not taking the threat of cyber warfare seriously. These people identified as indifferent or unconcerned about the impact of cyber warfare on their organizations as a whole. More than 64% of IT and security professionals surveyed indicated that the war in Ukraine had created a greater threat of cyber warfare.
Additionally, 45% of respondents indicated that they had had to report an act of cyber warfare to the authorities. Also:
- 40% of C-level (CTO, CIO, and CISO) indicated experiencing more threat activity during the same timeframe: including those food and beverage (44%), telecommunications (44%), automotive (43%), retail/wholesale (42%), and technology (42%)
- 55% of respondents indicated that their organizations had stalled or stopped digital transformation projects due to these threats. This percentage was even higher in specific countries, including Australia (79%), the USA (67%), Singapore (63%), the UK (57%), and Denmark (56%).
- 24% of global respondents felt unprepared to handle the cyber warfare threat. Also, the lowest-ranked security element among IT and security professionals was preventing a state-sponsored attack.
- 74% of global respondents responsible for critical OT infrastructure surveyed indicated that boards of directors were changing the organizational culture towards cybersecurity in response to the threat from cyber warfare. For Industries most commonly associated with critical infrastructure, the convergence of IT and operational technology (OT) in Industry 4.0 was apparent from the responses. Databases and personally identifiable information were ranked as the greatest concern. Critical infrastructure (physical equipment and facilities), operational downtime, and intellectual property rounded out the midrange of at-risk areas, with connected devices coming as the lowest concern across critical infrastructure sectors.
- 72% of respondents in IT for healthcare, medical, and pharmaceutical environments indicated that their boards of directors are changing their organization’s culture towards cybersecurity in response to the threat of cyber warfare. Also, 45% of respondents in healthcare firms indicated that they spend less than 10% of their IT budgets on cybersecurity. On average, global healthcare respondents indicated they spend around 11% of their company’s IT budget on cybersecurity, with some spending 11–15% (35%) or 16–20% (20%), and few spending 20% or more (less than 1%).
- 42% of IT professionals surveyed predicted their organization investing in vulnerability management immediately, while 28% were predicting this within the next six months. Also, 37% of respondents indicated their companies would make investments in asset management immediately, and 30% indicated this within six months.
- 33% of respondents also foresaw their organizations’ adoption of zero trust models immediately, while 28% indicated this within six months.
- 41% of global respondents indicated their organizations will invest in increased cybersecurity training immediately, while 46% indicated this to be likely over the 12 months, while 4% indicated that they will not be taking any action to increase cybersecurity training.
- 24% of global IT professionals indicated their organization always paid cyber ransoms; 31% indicated this only “when customer data is at risk”; 26% indicated their organization never pays, and 19% indicated that “it depends”.
- 53% of APJ respondents indicated having experienced one or more cybersecurity breaches, comparatively the least among the regions, with EMEA at 58%, and 73% in the US.
- 90% of respondents in government organizations were confident that their country’s home nation can protect against cyber warfare, with 55% of global respondents believing their government agencies were unable to cope with and ultimately remediate the negative impacts of cybercriminals.
According to Nadir Izrael, CTO and co-founder, Armis, which commissioned the survey: “Cyber warfare is the future of terrorism on steroids, providing a cost-effective and asymmetric method of attack, which requires constant vigilance and expenditure to defend against. Clandestine cyber warfare is rapidly becoming a thing of the past. We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organizations should consider themselves possible targets for cyberwarfare attacks and secure their assets accordingly.”