Rubrik Zero Labs research reveals one-third of organisations forced to change leadership as a result of cyber attack

• Ninety-two percent of respondents were concerned they’d be unable to maintain business continuity if they experience a cyber attack.
• One-third of boards have little to no confidence in their organisation’s ability to recover critical data and business applications in the event of a cyber attack.
• Ninety-six percent of individuals suffered emotional or psychological impacts as a direct result of experiencing a cyber attack.

IT and security leaders must address, on average, one cyber attack per week, according to a new study released today, titled: “The State of Data Security” by Rubrik Zero Labs. Rubrik, the Zero Trust Data Security Company, gathered insights from more than 1 600 security and IT leaders, including CISOs, CIOs, VPs and directors across 10 countries. The findings exposed rising security risks for organisations, resulting in widespread damage to organisations and their IT and security teams.

Key findings of “The State of Data Security” by Rubrik Zero Labs include:

Cyber attacks continue to surge in volume and impact:

• Nearly every leader surveyed experienced a cyber attack over the past year, and on average faced 47 attacks in that timeframe – or nearly one cyber attack per week.
• Fifty-two percent reported a data breach and 51% reported facing a ransomware attack in the past year.
• Only 5% of organisations were able to return to business continuity or normal operations within one hour of discovering a cyber attack.
• Forty-eight percent of IT and security leaders reported to be concerned about data breaches (25%) or ransomware events (23%) as the top threat for the year ahead.

Organisations are losing confidence in their ability to withstand attacks:

• Ninety-two percent of respondents are concerned they will be unable to maintain business continuity if they experience a cyber attack.
• One-third believe their board has little to no confidence in their organisation’s ability to recover critical data and business applications after a cyber attack.
• Seventy-six percent of survey respondents reported their organisation is likely to consider paying a ransom following a cyber attack.
• Eleven percent of IT and security leaders said they had not adequately addressed vulnerabilities from previous cyber events.

The weight of cyber crime is taking a toll:

• Ninety-six percent of respondents reported experiencing significant emotional or psychological consequences following a cyber attack, ranging from worries over job security (43%) to loss of trust among colleagues (37%).
• About one-third of respondents reported leadership changes as a result of a cyber attack.
• About one-third of leaders surveyed said their IT and SecOps teams were either somewhat or not at all aligned when it came to defending their organisations.

“It’s clear from this research that cyber attacks continue to produce large impacts against global organisations and the effects are compounding,” said Steven Stone, Head of Rubrik Zero Labs. “In addition to this rise in frequency and impacts of cyber events, the individuals on the frontlines are taking a psychological hit on their well-being. Trust is down and anxiety is up. Without a proactive and reliable approach to defend against modern cyber threats and strengthen confidence in an organisation’s ability to resolve these cyber events, these impacts – both human and organisational – will continue to worsen and feed each other. The good news is we’re also seeing pragmatic, proven strategies in this same space paying off and we can build off these approaches.”

“We often overlook the psychological dimension of cyber attacks and the chaos that tends to follow after discovering an incident,” said Chris Krebs, Former Director of CISA and Founding Partner of the Krebs Stamos Group. “The bad guys sure have figured it out, though, with criminals and state actors alike trying to generate emotional responses when they attack, as evidenced by the increase in criminal extortion efforts and hack and leak campaigns. In the end, IT and security leaders alike tend to take the blame for these cyber attacks. One of the most effective techniques I’ve seen to prepare for these types of attacks is to accept you’re going to have a bad day at some point, and your job is to ensure that it doesn’t become a “worse day”. This is why we need defenders across the spectrum to come together – sharing best practices, learnings after attacks, simulations, frameworks – so that we’re collectively strengthening our defences and minimising the psychological impact brought on by an attack.”

“The State of Data Security” comes from Rubrik Zero Labs, the company’s ​​new cyber security research unit formed to analyse the global threat landscape, report on emerging data security issues and give organisations research-backed insights and best practices to secure their data against increasing cyber events.

To learn more about Rubrik Zero Labs’ “The State of Data Security”, visit https://rubrik.com/zero-labs.

Report methodology

“The State of Data Security” by Rubrik Zero Labs was commissioned by Rubrik and conducted by Wakefield Research among 1 625 IT and security decision-makers at companies of 500 or more employees. Respondents were made up of approximately half CIOs and CISOs and half VPs and directors of IT and security. The research was conducted in the US, UK, France, Germany, Netherlands, Italy, Japan, Australia, Singapore and India between 18 July and 27 July 2022.