Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, today released findings from its second annual Cybersecurity Census. The report explores insights from IT decision-makers at businesses and organizations across the U.S., revealing that most respondents expect the onslaught of cyberattacks to intensify over the next year, yet 32% lack a management platform for IT secrets–posing a significant risk to organizational security.
The 2022 U.S.Cybersecurity Census Report explores the ongoing threats of cyberattacks and the need for cybersecurity investment. The report maps the evolving cybersecurity landscape as hybrid and remote work have transformed businesses over the past two years. According to survey findings, the average U.S. business experiences 42 cyberattacks annually—between three to four each month. Still, fewer than half (44%) of respondents provide their employees with guidance or best practices for governing passwords and access management.
IT leaders reveal a lack of preparedness for cyberattacks
U.S. businesses face many cyberattacks each year, significantly impacting their organizations. Most respondents agree the total number of attacks will increase over the next year, with 39% predicting the number of successful cyberattacks will also rise.
Most organizations in the U.S. believe they're prepared to fend off cyberattacks, with 64% of respondents rating their preparedness at least an eight on a 10-point scale and 28% rating themselves as a 10/10. At the same time, the majority of respondents (57%) say it is taking longer to respond to attacks and only 8% say responses are getting faster.
Though most report feeling prepared for attacks, leaders admit their tech stacks lack essential tools.
Nearly one-third of respondents (32%) lack a management platform for IT secrets, such as API keys, database passwords and privileged credentials.
84% are concerned about the dangers of hard-coded credentials in source code but 25% don't have software to remove them.
More than one-quarter of respondents (26%) said they lack a remote connection management solution to secure remote access to IT infrastructure. With the rise in hybrid work and remote work, this is a significant security gap.
This lack of investment in cybersecurity tools is alarming, especially considering the lasting impact of cyberattacks that survey respondents revealed.
Nearly one-third (31%) suffered a disruption of partner or customer operations in the wake of a cyberattack and the same percentage experienced theft of financial information.
18% of organizations experienced theft of money, with the average amounting to more than $75,000, while 37% lost $100,000 or more.
23% experienced the inability to carry out business operations.
In addition to direct costs, cyberattacks can cause lasting damage to business perception and client trust. More than one-quarter of respondents (28%) suffered reputational damage due to a successful cyberattack and 19% reported losing business or a contract.
"The volume and pace at which cyberattacks are hitting businesses is increasing and with that come severe financial, reputational and organizational penalties," said Darren Guccione, CEO and co-founder of Keeper Security. "Leadership must prioritize cybersecurity, enabling their security teams to address rapid shifts in technology and distributed remote work. The impact these shifts have on cybersecurity are both pervasive and extreme. Building a culture of trust, accountability and responsiveness is critical."
U.S. businesses must take immediate action against cyber threats
Cybersecurity is a pillar of every good business and these findings underscore the need for business leaders to make cybersecurity a part of organizational culture. U.S. business leaders are working to source the necessary talent to stay secure. Nearly three-quarters (71%) of respondents have made new hires in cybersecurity over the past year and 58% say they've increased cybersecurity training.
A devastating cyberattack is one stolen password away, but despite this threat, fewer than half (48%) of respondents state they have plans to invest in password management, visibility tools for network-based threats or infrastructure secrets management.
Only 44% of respondents provide their employees with guidance and best practices governing passwords and access management.
30% of respondents allow employees to set and manage their passwords and admit that employees often share access to passwords.
A mere 26% have a highly sophisticated framework for visibility and control of identity security.
Many organizations are considering future investments with 73% of respondents expecting their cybersecurity budgets to increase. However, they face being outmatched by rising external threats and the demands created by existing weaknesses.
Cybersecurity in company culture
Employees understand the dangers of both external and internal threats. An overwhelming 79% of IT professionals are concerned about a breach from within their organization and 47% have suffered a breach of that nature. As more employees work remotely, businesses must rethink their investments in order to maintain security. In fact, 40% of respondents highlighted remote and hybrid work as a top concern, with rising external threats close behind at 39%.
IT leaders themselves admit a lack of transparency in cyber incident reporting within their organizations, with nearly half of respondents (48%) being aware of a cyberattack, but keeping it to themselves. Businesses must foster a sense of trust and transparency in their organizations, creating an open dialogue to recognize the scale of the cybersecurity challenges their organization faces. Only with that recognition can resources be devoted to education and embedding a cybersecurity mindset into the organization's culture.
Keeper's 2022 U.S. Cybersecurity Census Report demonstrates that cyberattacks present a profound and ongoing threat. Preventative measures, including investment, education and cultural shifts, are essential for businesses to drive resilience and protect their organizations from cybercriminals.
The report yielded results from 516 IT leaders and decision-makers in businesses across the U.S.
About Keeper Security
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their credentials, secrets, connections and sensitive digital assets to significantly reduce the risks of identity security-related cyberattacks, while gaining visibility and control. Keeper is the leading provider of zero-trust and zero-knowledge security cloud services trusted by millions of people and thousands of organizations for password management, secrets management, privileged access, secure remote infrastructure access and encrypted messaging.