The shortage of skilled workers, ransomware attacks and state attackers are among the most current challenges for companies in terms of cyber security. This is the conclusion of the KPMG study “Cyber Security in Austria 2022”. […]
Hybrid conflicts also have an impact on companies in Austria. Specially created malware, the so-called APTs (Advanced Persistent Threats) or State sponsored attacks, are used. For more than half of Austrian companies (52 percent), APTs have gained in importance, for almost a quarter (22 percent) they are now part of daily business. The survey was conducted before the outbreak of the Ukraine-Russia conflict.
It is therefore to be expected that the threat situation in cyberspace will worsen. “The latest malware examples are Hermetic Viper, AcidRain or Doublezero,” reports KPMG Partner Andreas Tomek. “At the moment, they are still limited to the current source of conflict, but due to their uncontrollability, they will soon appear everywhere.“
Threat of ransomware
Last year, 14 percent of Austrian companies were directly affected by ransomware attacks. The cyber crime scene is professionalizing through business models such as “ransomware as a Service”. “In the meantime, the majority of these attacks, in addition to file encryption and extortion, also include the theft of company data and the threat to resell access to freelancers,” says Robert Lamprecht. In 2021 alone, the number of ransomware attacks worldwide increased by 435 percent, according to the World Economic Forum. In Austria, one in two companies (49 percent) already considers these topics as a special challenge. “Cyber threats are now part of digitization,” adds Lamprecht.
Permanent shortage of skilled workers
The lack of qualified cyber security personnel is causing headaches for the economy. Three quarters of companies (74 percent) report having difficulties recruiting IT and security experts. Almost half of the companies (43 percent) require at least four to six months to find an employee. The race for the best specialists is illustrated by the following figure: 40 percent of the respondents actively recruit security experts from other companies. Every fourth company (26 percent) in Austria also reports that it is easier to recruit IT experts in other European countries than in Austria.
Every third company (36 percent) is pessimistic about the future and expects deteriorations in the cyber security area in the next twelve months. “The developments of the past two years have dramatically shown us the vulnerability of our state, economic and social systems,” says Erwin Hameseder, President of the Competence Center for Safe Austria.
Cyber resilience, ensuring the resilience of business processes despite the most adverse circumstances, remains the big goal. “Cooperation and the exchange of information are of crucial importance: the exchange of attacks must be intensified without shame and borders,” the study authors say. For this, all companies must recognize that a cyber security culture is just as important as the corresponding technologies.
Further results of the study:
- 67% of companies have already been victims of a cyber attack.
- 20% report that they have suffered financial damage as a result of cybercriminals.
- 51% of the attacks were phishing attacks.
- 70% became aware of a cyber attack by their own employees.
- 71% see an increase in the cyber security budget.
- 72% of them cite new threats as the cause of the budget increase.
- 65% invest in additional security tools after a cyber attack.
- 40% employ 1-2 employees for cyber security.
- 83% trust their protective measures in the event of an attack.
- 97% involve external service providers in the technical incident handling.
- 59% say that the importance of cyber security has changed in their company due to the pandemic.