Cybernomics report flags ransomware, GenAI and people as three big threats

Barracuda’s newly published Cybernomics 101 report analyses the financial drivers behind the cyberattacks on organisations in the UK, US, France, Germany and Australia. Shedding a light on these financial forces and profit motives of cybercrime reveals a harsh reality: defending your data is expensive.

In all, just under 2,000 IT security professionals were polled from organisations in the 100 to 5,000 employee size-bracket. What stands out from the research is the average annual cost for an organisation to respond to a compromise, which rolled in at $5.34 million.

Obviously, this figure will be skewed by big businesses that have been hit hard with ransomware demands and recovery resources. But when you see that 71% of those asked had experienced a ransomware attack last year, and 61% of those had paid a ransom, it starts to make sense.

Related: ChatGPT is a year old today but not all cybersecurity experts are celebrating

The GenAI security threat

If it’s unsurprising to see ransomware still dominating the cybercrime landscape, it’s no less so that security professionals are also concerned about generative AI. Half of those asked in the Cybernomics report that they worry generative AI will help threat actors to launch more attacks, with those attacks becoming more sophisticated and effective.

TechFinitive spoke to Fleming Shi, Barracuda’s CTO, who explained that “it’s just over a year since generative AI was launched into the public arena in the form of ChatGPT – and many other GenAI tools have followed.

“It’s no surprise that 81% of our respondents say they’re familiar with the use of GenAI,” he added. “But that level of awareness doesn’t mean they are confident about their ability to withstand GenAI-based attacks against their organisation, employees and IT infrastructure.”

Indeed, just over half said they would likely need to find new ways to protect the organisation against such threats. This figure rose to 60% for mid-market organisations and the public sector.

A quarter don’t know if their security infrastructure is equipped to protect against automated attacks that use generative AI, and another third say they know it’s not.

“GenAI is a relatively new concept for many organisations, it’s to be expected that they don’t all feel fully equipped,” Shi said. “We hope this awareness will drive new security measures to future-proof companies in the age of AI.”

People still a big security challenge

This theme continued when TechFinitive spoke to Barracuda CIO, Siroui Mushegian. “Security success depends on people almost as much as it does on effective security technologies,” she said.

“The research shows how people-related security challenges, such as a lack of board-level support or security leadership, skills and staffing shortages, and the inconsistent implementation of security policies across the company can undermine security confidence.”

With only 43% of respondents in the Cybernomics report rating their security posture as very effective, the fact that just under 60% have concerns shouldn’t be too much of a cause for concern, says Mushegian.

“This may not be as bad as it seems – a belief that you could be doing more to enhance protection can help to focus attention and resources in areas that need them and ultimately make you more secure.”