Article
63% of Businesses We Polled at Collision Expect to be a Victim of a Cyber Attack in 2023
Key findings from our survey at the conference offer a temperature check on cyber risk
More than 60% of businesses we recently polled said they’re likely to be a victim of a cyber attack in 2023. And that’s not including the 17% who reported they’d already been hit by an attack this year.
Our data is from the Collision Conf this month, where we collected responses from 200+ attendees on their top cybersecurity concerns and priorities.
Their responses offer valuable insights into how companies are thinking about cybersecurity right now. Here are the survey results in their entirety, plus our takeaways:
1. How Likely Do You Think it Is That Your Organization Will Be the Target of a Cyber Attack in 2023?
A surprisingly high number of respondents (17%) reported that they have already been the target of a cyber attack in 2023. Nearly half (48%) considered it “very likely,” and 15% rated it “unclear” or “possible.” Only 5% thought it was “not likely.”
The answers suggest that cyber attacks are now a fact of life for most companies, and it’s only a matter of time before the next attack arrives. Organizations aren’t immune because of their size, industry, or tech dependence — cyber risk applies to everyone.
2. Which of These Threats Pose The Highest Risk to Organizations?
Data breaches were cited by 48% of respondents as the greatest risk, followed closely by phishing with 40.5%. Rounding out the results were identity theft (6.5%) and ransomware (5%).
These fears are well-founded. Data breaches can inflict massive financial loss, and phishing remains a highly effective tactic used in tons of cyber attacks. Ransomware rating last is unexpected, though, since these attacks are currently rising in frequency.
3. How Confident Are You That Your Organization Can Effectively Combat Cyber Attacks?
On a scale of 1-5, with 1 as “not at all confident” and 5 as “very confident,” only 12% of respondents picked 1, 17% picked 2, and 21.5% picked 3. The most responders (27%) chose 4, and 22.5% chose 5.
More than half the respondents picked a 4 or 5, indicating strong confidence in cybersecurity. That said, the vast majority of respondents felt less than “very” confident, suggesting widespread doubt that companies can effectively stop all the threats targeted at them.
4. How Valuable Do You Think Cybersecurity Is to Your Company?
On a scale of 1-5, with 1 as “not at all” and 5 as “incredibly valuable,” less than 15% of all our respondents combined picked 1, 2, or 3. The #4 ranking received 21% of the votes, but by far most respondents (64.5%) picked 5.
These results aren’t surprising given that most of the companies in our survey have been a recent target of cyber attack or consider it very likely. Cybersecurity becomes essential in a landscape where attacks are imminent.
5. What Factor(s) Do You Value Most Highly When Getting or Retaining Cyber Insurance?
Most respondents (54.5%) chose “quality of coverage” as the top factor. The remaining responses were split fairly evenly between “increased volume of threats” at 15.4%, “reputation of insurer” at 13.8%, and “pricing of coverage” at 16.3%.
Respondents have their priorities in the right place. Coverage costs and provider reputations are both important, but what is and isn’t included in the policy matters most, especially as the volume of threats increases. Policy details are also the greatest differentiator between cyber insurance providers.
6. Do You Think Your Company Adequately Values Cyber Insurance?
The response was split almost perfectly in half. People who answered “yes” made up 51.8% of the group compared to 48.1% who said “no.”
It’s a positive development when the majority of companies adequately value cyber insurance, but it’s impossible to ignore the large number who don’t. Under-valuing cyber insurance can lead to being under-insured, which can leave an organization exposed to serious cyber risk. This is particularly alarming considering the growth in volume and sophistication of cyber attacks with every passing year.
Final Takeaways: InsurSec Is the Future of Cybersecurity
Our polling reveals that today’s decision-makers are certain that cyber attacks are coming their way, but less than certain they can prevent, stop, or recover from the attacks. They realize the importance of having both cybersecurity and cyber insurance to offer protection from multiple angles — but what’s important to emphasize is the link between the two.
Neither cybersecurity nor cyber insurance is enough on its own. Focusing on just one or addressing each separately results in unacceptable security gaps and risk exposures. Working together, however, they provide formidable defenses that insulate companies from cyber attack damage in all its many forms.
The emerging InsurSec (insurance + security) approach provides comprehensive protection in a world of rising cyber risk. It’s the proper paradigm for addressing cyber threats. More importantly, it provides powerful confidence in cybersecurity — something that so many respondents are clearly seeking but not yet finding.
The solution to protecting businesses, especially SMBs is an end-to-end prevention and protection framework which helps prevent attacks before they happen, and also offers financial protection so they can recover quickly from any loss.
An InsurSec provider shares your incentive to avoid financial loss and uses expertise and data to help you make better security decisions that will have the biggest impact on your risk. See how our new InsurSec solution, At-Bay Stance, can help you gain visibility and peace of mind. So you can focus on what you do best: growing your business.