23 per cent of IT leaders unsure if their organization was breached last year: Survey
Sorry to have been silent for two weeks, but had to abandon my home as contractors repaired around every window in the place for water damage due to winter melting snow plugging the eavestroughs (and the work isn’t finished yet …). The only rooms unspared were the bathrooms, which don’t have windows. My advice: If you have heating cables on your roof to avoid snow piling up, make sure you check at least weekly that the cables are working. The cables should go into a GFCI wall outlet — like the one you have in your bathroom — with a red light that shows if the breaker has tripped. If there’s any snow on your roof, check the outlet daily. My electrician says roof cables should be activated BEFORE it snows.
OK, enough about me.
How ready is your firm to handle a cyber attack? It’s a question constantly asked by cybersecurity providers in surveys of infosec pros for marketing reports. Makes a great headline (“20/30/40 per cent of infosec pros doubt they can handle a cyber attack!!!” or “20/30/40 per cent of infosec pros confident they can handle a cyber attack!!!!”). I find the question useless: Most infosec leaders do what they can with the money they’ve been allocated — which is usually not enough — and cross their fingers. Who knows if they can handle the unknowable (unless you can pay for the Ultimate Penetration Test)?
Other questions are more informative. Take today’s 2025 Trends Report from Arctic Wolf. Of 1,200 IT and security decision makers at director level or above from organizations in 16 countries (including the U.S., Canada, the U.K. and Germany) with 50+ employees:
—23 per cent of respondents admitted they were unsure if a breach had occurred in their organizations in the last 12 months. Another 52 per cent said their organization had been breached. That left 25 per cent certain they hadn’t been broken into;
—35 per cent suffered a significant malware infection in 2024;
—35 per cent suffered a business email compromise attack (BEC attacks fool employees into, for example, transferring money into a bank account controlled by a threat actor) in 2024;
—23 per cent were hit by “significant” ransomware and/or data exfiltration in 2024. That’s a drop from 45 per cent in last year’s survey. However, that may only suggest the number of “significant” ransomware attacks has dropped. Why? Maybe firms were more prepared
—but of those hit by ransomware 76 per cent paid some amount of ransom either from the firm or through insurance. Maybe firms aren’t so prepared for ransomware.
Of those who suffered a breach:
—40 per cent said their IT environment lost productivity lasting one quarter. Another 19 per cent said the loss lasted two quarters;
—35 per cent said their environment wasn’t impacted in a significant way. Perhaps they WERE ready for a cyber attack;
—more than half (56 per cent) of the organizations that experienced a significant cyber attack had not implemented multi-factor authentication (MFA).
So, do you feel ready to face a cyber attack? If not, why not? And what are you doing about it?
The report is available here. Registration is required.