New Cloudflare study reveals that 64% of
business leaders expect a cybersecurity incident in the next 12
months, but only 29% feel highly prepared to defend against
them
Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud
company, today released a new study focused on cybersecurity in
Europe. The report, called “Shielding the Future: Europe's Cyber
Threat Landscape Report,” shares the latest data on how
organisations are coping with rising volumes of cybersecurity
incidents, their levels of preparedness, and top challenges.
These new findings reveal an ongoing concern around growing
cybersecurity threats and a feeling of unpreparedness among
European businesses.
Cybersecurity attacks are increasing in volume and
frequency
The survey, which was conducted with more than 4,000 business
and technology leaders across 13 European markets (Benelux, CEER,
DACH, Nordics, Southern Europe, UK), found that 40% of
organisations experienced a cybersecurity incident in the last 12
months.
Of those that suffered such an event, 84% report that the
frequency of these events has increased over the same period, with
almost one in five (16%) suffering a cybersecurity attack every
6-11 days. Meanwhile, 62% say that attacker dwell time has also
increased in the same time period.
Looking ahead, two-thirds (66%) of respondents believe that they
will see even more attacks within the next year and a significant
64% say that they expect to suffer a cybersecurity incident within
the next 12 months.
Majority of organisations unprepared for cybersecurity
threats
Concerningly, despite the increasing volume and frequency of
these attacks, only 29% of respondents say they are highly prepared
for cybersecurity incidents in the future.
Additionally, industries that had experienced fewer attacks were
also among those least prepared. Just 28% of those working in
healthcare and 31% of those working in education claimed to have
suffered an attack in the last 12 months. For those same
industries, the perceived level of preparedness for an incident in
the future was low – just 18% and 19%, respectively.
The reverse is true for those in the IT & technology
industry. With almost half (49%) being attacked in the last year,
however, organisations in this field are seemingly on their guard.
Over a third (35%) of respondents from this sector say they are
highly prepared for an attack, making it the industry most
confident in its ability to deal with an incident, followed by
companies in financial services and retail (32% and 31%,
respectively).
When looking at organisational size, the lack of preparation by
smaller businesses is a particular concern, with only a quarter
(25%) claiming to be highly prepared. Medium-sized and large
businesses do not fare much better though, with only 27% and 32%,
respectively, claiming high levels of preparedness.
The cost of a breach is more than financial
For those businesses impacted by a cybersecurity breach, more
than a third of respondents (39%) say that the most significant
effect remains financial. More than one in five (22%) claim to have
lost revenue following an incident. In addition, 23% have suffered
increased insurance premiums, 22% have paid fines, and another 23%
have experienced legal action. A further one in five (19%) have
been forced to lay off members of the team due to the financial
losses experienced in the aftermath of an incident.
Looking at the numbers more closely, almost two-fifths (38%) of
respondents say that the financial impact of the incidents they
suffered cost between GBP 788,000 ($1M) and GBP 1.576 million
($2M), while a quarter (25%) estimated the loss to be GBP 1.576
million ($2M) or more.
A further 17% said that reputational damage was the most
significant effect. Additionally, 31% put growth plans on hold in
the aftermath of an incident, while over a quarter (28%) have
temporarily suspended business operations.
Businesses aim to simplify and modernise solutions in the
face of diverse threats
It’s unsurprising that financial gain was at the heart of many
attacks (48%) across the European countries surveyed. However,
survey respondents also believe that the threats they have
experienced have a much wider range of objectives.
The majority (53%) of those impacted by an incident in the last
12 months say that the main purpose was to plant spyware. And
almost half (48%) of those surveyed say that ransomware plants were
the main purpose for the attack.
When it comes to the most commonly experienced attack vectors,
these too are diverse. Phishing tops the list, with almost three in
five (59%) respondents claiming to have seen this approach. That’s
closely followed by web attacks (58%) and DDoS attacks (37%). Also
prevalent were stolen credentials and business email compromise,
with almost a third (32%) having experienced these.
When it comes to tackling these issues, onboarding more products
seems to be the go-to response. In fact, nearly half (49%) have
more than 11 different products and solutions. The vast majority
(72%) believe that this complexity is having a negative impact on
their effectiveness, and yet two-thirds (67%) expect the number of
tools they adopt to increase in the next 12 months.
Notably, the three most pressing challenges cybersecurity
decision makers and leaders face are: consolidating and simplifying
cybersecurity estate (48%); modernising applications used by
organisation (47%); and modernising networks operated by
organisation (42%).
Further education on Zero Trust is required for maximum
impact
Respondents report three clear problems in the existing
architectures they work with: applications and data stored in the
public cloud; limited oversight over IT supply chains; and
over-reliance on VPNs to protect applications (with each factor
mentioned by 34% of respondents).
Given these problems, it is unsurprising that securing a hybrid
workforce is a top priority, coming in the top three for more than
a third (36%) of our respondents.
Worryingly, for many organisations, deployment of
countermeasures is a long way behind, and in some cases not yet
started. Despite widespread recognition of its ability to protect
hybrid or remote workers, when looking at deployment of Zero Trust
network access, just 25% of respondents say this solution is fully
deployed and over half (58%) say that Zero Trust adoption is still
in its early stages.
While two-fifths (44%) say they are optimistic about the ability
of Zero Trust to consolidate technology upgrades, our respondents
also indicated a lack of faith in their leadership teams’ knowledge
of the tool. In fact, the majority (86%) believe their leadership
does not fully understand it, while nearly one in five (16%) say
their leadership has either partial or no real understanding.
According to 42% of those surveyed, this lack of understanding is
the single biggest barrier to adoption.
Despite increased budgets, funding, talent, and training
remain challenges
With business leaders anticipating more cybersecurity incidents,
it’s positive to see that 54% of respondents expect their IT budget
for cybersecurity to increase in the next year.
A quarter (25%) of business and IT leaders expect cybersecurity
to make up at least 20% of their organisations' IT spend in the
year ahead. And of those expecting a budgetary increase, two thirds
(66%) anticipate a rise of more than 10%.
For the majority, protecting their networks remains the number
one investment area, with nearly 24% of the budget allocated to
this pillar on average. Despite being the area where respondents
see a significant lack of preparedness, devices are set to receive
the second lowest allocation of budget share.
In terms of how this budget allocation is decided, the top two
determinants were the number of incidents experienced (34%) and the
cost of dealing with them (20%), revealing that most organisations
appear to remain reactive in their funding allocation
decisions.
Funding remains the top concern for 46% of our respondents.
However, other concerns, such as a lack of talent (41%) as well as
the evolving business requirements and user needs (30%), also keep
business and tech leaders awake at night.
Interestingly, despite the increasing volume of attacks, a
quarter (25%) cite a lack of buy-in from leadership as a key
challenge. With less than a quarter (23%) having not undertaken
leadership or general employee training, it is therefore
unsurprising that 21% of business and IT leaders rate their
organisations' cybersecurity culture as weak or neutral.
“Organisations across Europe are managing an increasingly
complex cybersecurity landscape, all while ensuring operational
efficiency, regulatory compliance, and uninterrupted productivity.
With incidents on the rise in both volume and frequency, this
balancing act becomes even more challenging, leaving leaders with a
sense of diminishing control over their organisations’
technological and security frameworks,” said Andy Lockhart, Head of
EMEA at Cloudflare. “This significant challenge requires innovative
solutions capable of integrating diverse technological components
into a cohesive and agile framework. The age of siloed legacy
infrastructures is giving way to a new model of ‘any-to-any’ cloud
platforms, creating catalysts for innovation and growth. By
concentrating on strategic integration any-to-any cloud platforms
empower leaders to transform technological challenges into
competitive advantages. Adopting this approach will help shape a
future where connectivity and innovation are at the heart of
business success, opening the door to unlimited possibilities,”
adds Lockhart.
To find out more about the Europe Cyber Threat Landscape Report,
please check out:
Survey Methodology
This survey was conducted by Sandpiper Communications, on behalf
of Cloudflare across a total of 4,261 leaders responsible for
cybersecurity in small (150 to 999 employees), medium (1,000 to
2,499 employees), and large (more than 2,500 employees)
organisations. Respondents were drawn from a wide range of
industries: Business & Professional Services; Construction
& Real Estate; Education; Energy, Utilities & Natural
Resources; Financial Services; Gaming; Government; Healthcare; IT
& Technology; Manufacturing; Media & Telecoms; Retail;
Transport; Travel and Tourism & Hospitality. Respondents were
based in 13 markets across Europe: Belgium, Czech Republic,
Denmark, France, Germany, Italy, Netherlands, Norway, Poland,
Spain, Sweden, Switzerland, and the United Kingdom (n=207 to 432
per country), and were surveyed online and recruited via general
business panels. The survey was aimed at building a better
understanding of the threat landscape facing Chief Information
Security Officers (CISOs) and their teams across Europe, unearthing
valuable insights and trends, and gauging responses and outcomes.
The survey was conducted in March 2024.
About Cloudflare
Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud
company on a mission to help build a better Internet. It empowers
organizations to make their employees, applications and networks
faster and more secure everywhere, while reducing complexity and
cost. Cloudflare’s connectivity cloud delivers the most
full-featured, unified platform of cloud-native products and
developer tools, so any organization can gain the control they need
to work, develop, and accelerate their business.
Powered by one of the world’s largest and most interconnected
networks, Cloudflare blocks billions of threats online for its
customers every day. It is trusted by millions of organizations –
from the largest brands to entrepreneurs and small businesses to
nonprofits, humanitarian groups, and governments across the
globe.
Learn more about Cloudflare’s connectivity cloud at
cloudflare.com/connectivity-cloud. Learn more about the latest
Internet trends and insights at radar.cloudflare.com.
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Forward-Looking Statements
This press release contains forward-looking statements within
the meaning of Section 27A of the Securities Act of 1933, as
amended, and Section 21E of the Securities Exchange Act of 1934, as
amended, which statements involve substantial risks and
uncertainties. In some cases, you can identify forward-looking
statements because they contain words such as “may,” “will,”
“should,” “expect,” “explore,” “plan,” “anticipate,” “could,”
“intend,” “target,” “project,” “contemplate,” “believe,”
“estimate,” “predict,” “potential,” or “continue,” or the negative
of these words, or other similar terms or expressions that concern
Cloudflare’s expectations, strategy, plans, or intentions. However,
not all forward-looking statements contain these identifying words.
Forward-looking statements expressed or implied in this press
release include, but are not limited to, statements regarding
Cloudflare’s plans and objectives, Cloudflare’s global network, and
Cloudflare’s products and technology, Cloudflare’s technological
development, future operations, growth, initiatives, or strategies,
and comments made by Cloudflare’s Head of EMEA, and others. Actual
results could differ materially from those stated or implied in
forward-looking statements due to a number of factors, including
but not limited to, risks detailed in Cloudflare’s filings with the
Securities and Exchange Commission (SEC), including Cloudflare’s
Quarterly Report on Form 10-Q filed on May 2, 2024, as well as
other filings that Cloudflare may make from time to time with the
SEC.
The forward-looking statements made in this press release relate
only to events as of the date on which the statements are made.
Cloudflare undertakes no obligation to update any forward-looking
statements made in this press release to reflect events or
circumstances after the date of this press release or to reflect
new information or the occurrence of unanticipated events, except
as required by law. Cloudflare may not actually achieve the plans,
intentions, or expectations disclosed in Cloudflare’s
forward-looking statements, and you should not place undue reliance
on Cloudflare’s forward-looking statements.
© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the
Cloudflare logo, and other Cloudflare marks are trademarks and/or
registered trademarks of Cloudflare, Inc. in the U.S. and other
jurisdictions. All other marks and names referenced herein may be
trademarks of their respective owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240618649444/en/
Cloudflare, Inc. Daniella Vallurupalli Vice President, Head of
Global Communications press@cloudflare.com
Cloudflare (NYSE:NET)
Historical Stock Chart
From Jun 2024 to Jul 2024
Cloudflare (NYSE:NET)
Historical Stock Chart
From Jul 2023 to Jul 2024