Orange Cyberdefense research: Manufacturing and public sector are extremely vulnerable to cybercrime
The survey shows victories in some areas of the cyber battle. However, the challenges remain significant, as the data shows that companies still take 215 days to fix a reported vulnerability. Even critical vulnerabilities typically take more than 6 months to be fixed. Orange Cyberdefense’s ethical hacking teams report a serious problem in nearly 50% of all tests performed.
Small and medium-sized businesses
Orange Cyberdefense reports that about 4.5x more small businesses were victims of cyber extortion than medium and large businesses combined. Proportionally speaking, however, large businesses are still hit much harder. Small and medium-sized businesses are particularly affected by malware. This was reflected in the 49% of confirmed incidents for this group in 2022 (up from 10% in 2019, 24% in 2020 and 35% in 2021).
In most sectors, the majority of detected incidents are initiated internally, but for healthcare clients, Orange Cyberdefense was able to attribute a staggering 76% of incidents to external actors, such as criminal hackers and APTs (state-backed threat actor groups).
Manufacturing sector hardest hit in terms of number of victims
The manufacturing sector remains at the very top in terms of the number of victims of cyber extortion (Cy-X). Despite this, research shows that this sector ranks only 5th among those with the highest willingness to pay ransom. Orange Cyberdefense reports that criminals are more likely to compromise “conventional” IT systems than more specialized operational technology, and attributes this high number of victims primarily to poor management of IT vulnerabilities. Indeed, data show that companies in this sector take an average of 232 days to fix reported vulnerabilities. On this criterion, only four other sectors scored worse than the manufacturing sector.
Jort Kollerie, Manager Security Architecture & Security Services at Orange Cyberdefense Netherlands: “The number of cyber incidents continues to rise; fortunately, the increase is slowing down. However, we see that attackers are now setting their sights more on Europe, with an increased focus on the retail, banking and insurance sectors. These sectors are already very aware of the potential risks. Their increased cybersecurity maturity largely captures this, but it remains important to have experts on board who can detect and resolve incidents quickly. However, SMEs, manufacturing companies and the public / vital sector remain particularly vulnerable.”
The full Security Navigator 2023 report is available for download here.
Cybersec Europe 2023: 19 & 20 April
Cyber attacks are an ever-growing threat in today's tech environment. Cybersec Europe 2023 is the platform for experienced cyber security experts as well as next-gen start-ups to share knowledge with peers and jointly cope with cybersecurity challenges. Businesses and institutions of all sectors learn how to enhance cyber resilience and protect their core. After a successful edition in 2022, the European event on cybersecurity will be back on the 19th and 20th of April in Brussels Expo. Don’t miss the chance to learn how to enhance cyber resilience and shield your core. Registration is free.