• – Cyber threat continues to increase in 2023
• – Security processes lag behind the requirements of digitalisation and cloud use
• – Investments in cyber security continue to rise
• – New Lünendonk study now available free of charge

The risk of becoming a victim of a cyber attack has increased again in the past year. As a result of advancing digitalisation, new gateways and attack vectors are emerging for hackers. Likewise, the encryption and sale of digital assets and sensitive data is a lucrative business for cyber attackers. 84 percent of companies consequently rate the threat situation for 2023 as higher than in 2022. Above all, the danger of DDoS attacks (Distributed Denial of Service) is estimated to be greater, which is related to the increased professionalism of hacker organisations, among other things. The majority of companies, however, consider themselves well prepared for cyber attacks at this point in time, although many companies still have some challenges to solve on the way to a high level of cyber resilience: for example, 40 percent limit their cyber security measures exclusively to their own company networks instead of focusing more on cross-company processes.

These are the findings of the new Lünendonk study 2023 “From Cyber Security to Cyber Resilience – How Companies are Responding to the Rising Threat Situation”. The study was developed in cooperation with KPMG and is now available for free download at www.luenendonk.de.

Cyber security is becoming essential and more complex

With increasing digitalisation, it is no longer sufficient to focus only on protecting one’s own corporate networks. Cyber security must be considered early on in the development of digital strategies and digital products. In fact, 86 percent of companies already see IT security as a value-added factor and a fixed component of their digital transformation.

“The results show that the importance of cyber security in companies has arrived in the consciousness of top management. Drivers for this include regulatory requirements for the protection of customer data and intellectual property as well as the protection of critical infrastructures. However, many companies have not yet built up the organisational and cultural maturity for cyber resilience,” comments Mario Zillmann, partner at Lünendonk & Hossenfelder and author of the study.

In fact, only 36 percent of the companies surveyed have centralised security monitoring and only one in four (25 %) have partially or fully automated processes to detect and defend against cyber attacks. Only 16 percent of the companies surveyed have set up a central unit for the continuous monitoring of security and for reacting to incidents.

But the advancing cloud transformation is also changing the view of cyber security. “The complexity of detecting and defending against cyber attacks is increasing due to the cloud,” adds Tobias Ganowski, Consultant at Lünendonk & Hossenfelder. “Especially multi- and hybrid cloud landscapes require an orchestration and interlocking of the individual security processes into an integrated security approach. Companies will therefore drive the networking of the many decentralised IT security tools already in place into integrated cloud security tool suites in terms of end-to-end management in the coming years, as well as the integration of hybrid multi-cloud and multi-provider environments into existing security systems.”

Cyber security budgets on the rise

“Most companies have realised that it is not a question of if they will be successfully hacked, but when. A high level of cyber resilience is thus achieved by companies having transparency over their IT systems at all times – whether before, during or after an attack – and knowing what measures to take at what time,” explains Mario Zillmann. Therefore, 92 percent of the companies surveyed are planning significantly higher investments in security monitoring for 2023 and 2024, as well as 80 percent in the area of security incident and event management (SIEM).

Likewise, cloud security and data centre security are now the focus of significantly more companies. 69 percent will invest in cloud security by 2024 (2022: 64 %) and as many as 78 percent in data centre security (2022: 74 %). Another top measure for 86 percent is vulnerability management, i.e. solutions for detecting vulnerabilities in security processes.

About the Lünendonk study

For the Lünendonk Study 2023 “From cyber security to cyber resilience – How companies are responding to the increasing threat situation”, 100 IT and IT security managers from medium-sized companies and corporations were surveyed. Half of the respondents were from the financial sector and the other half from companies in industry, the automotive sector, trade, energy and the telecommunications sector. The study was carried out in cooperation with KPMG and is now available for free download at www.luenendonk.de.