Concerned about job security, cyber teams cover up security incidents

The frequency and severity of cyberattacks are increasing – but according to VikingCloud, most companies are unprepared. With a growing skills shortage, alert fatigue and new, sophisticated attack methods, companies are more vulnerable than ever.

The research shows that 40% of cyber teams have not reported a cyber incident due to fear for their jobs, suggesting that cyber breaches are significantly underreported globally.

This trend also puts companies at risk of non-compliance with new industry regulations and leaves them vulnerable to an increase in attacks. According to the survey, both the frequency and severity of attacks have increased for 49 percent of companies and 43 percent of companies over the past 12 months.

Companies are confident they can detect cyber attacks

The data – collected from a quantitative survey of nearly 170 cybersecurity professionals at executive, vice president, director and manager levels in the US, UK and Ireland – shows that 96% of companies are confident in their ability to detect and respond to cyberattacks in real time.

However, these same companies also admit they are unprepared for today’s most pressing cyber risks, including ransomware attacks on key third parties (48%), phishing attacks (40%), DNS attacks (33%) and ransomware attacks on their organization (32%).

“Cyber ​​teams face significant challenges such as growing talent shortages, new attack vectors and the increasing sophistication of cybercriminals,” said Kevin Pierce, CPO at VikingCloud. “While many leaders report confidence in their defensive capabilities, it’s clear that this false sense of security leaves many organizations vulnerable. Teams try to do more with less while cybercriminals stay one step ahead of them. Without understanding their true risk status and investing in the right technology, people and skilled partners, organizations become even more vulnerable to the latest attack vectors.”

A growing skills gap between cyber teams and criminals

53% say new AI attack methods are creating new attack points they are unprepared for. The most concerning AI threats include GenAI model prompt hacking (46%), large language model (LLM) data poisoning (38%), ransomware as a service (37%), GenAI processing chip attacks (26%), application programming interface (API) breaches (24%), and GenAI phishing (23%).

55% of organizations believe cybercriminals are more advanced than their internal team. 35% said the technology used by cybercriminals is more sophisticated than the technology their team has access to. Despite this, a third of organizations still have not trained their team on GenAI-related cyber risks.

Only 10% of companies have hired more cyber staff in the past 12 months and nearly 20% of companies say that the lack of skilled professionals is one of the biggest challenges in defending against cyber attacks. 35% of companies do not have enough budget to invest in new technologies and 32% do not have enough budget to hire more staff.

Cyber ​​alert fatigue puts strain on response times to cyber attacks

33% of organizations responded late to cyberattacks because they encountered a false alarm, and 63% spend more than 208 hours per year dealing with false alarms.

Overall, 68% of cyber teams surveyed are currently unable to meet the Securities and Exchange Commission’s four-day disclosure requirement and the cyber industry benchmark based on the average time they estimate it takes to respond to a new, high-severity attack.

Technology has the potential to be a level-changer for cyber teams. 63% of organizations are looking to implement new technologies that can help mitigate the impact of cyber talent shortages. 41% say GenAI has the most potential to combat cyber alert fatigue. Yet only 5% of organizations allocated additional budget to their cyber programs in the past year to address these ongoing challenges.

“There are two ways cyber leaders can view advanced technologies like GenAI – as a threat or as a weapon. The reality is that it is both, which is why it is imperative for organizations to aggressively implement the right solutions to arm their teams and beat cybercriminals at their own game,” Pierce said.