The coronavirus (COVID-19) pandemic has forced corporate security teams to cut staff and freeze hiring as the cyber risks and the financial peril of the crisis take hold, a new study said.
Since the onset of the pandemic, three in four companies experienced security team furloughs and 68 percent laid off team members, Exabeam, a security information and event management (SIEM) specialist, said in its 2020 State of the SOC report. To put the data in perspective, in the first half of 2020, 80 percent of organizations experienced an uptick in cyber attack attempts and one in three were victimized by a successful hacker infiltration, the Foster City, California-based company said.
To compile its report, Exabeam gathered data from 1,000 IT security professionals at small- to medium-sized enterprises, half of which held chief information security officer (CISO) or security operations center (SOC) roles. Half of the respondents were security engineer/analysts or security architects. The study spanned organizations in the U.S. and U.K.
Key findings include:
- Cyber risk. 80 percent of companies overall experienced an increased number of cyber attack attempts. One third of respondent companies were victimized by a successful cyber attack during the first half of 2020.
- Downtime. Successful cyber attacks resulted in network downtime for 38 percent of U.S. companies and 40 percent of U.K. companies.
- Revenue lost. 35 percent of U.S. companies lost between $38,000 to $63,000. 14 percent took losses up to $95,000. In the U.K., 40 percent lost between £30,000 to £50,000.
- Brand reputation. in the U.S., 38 percent reported between $38,000 to $63,000 in brand reputation-related losses. In the U.K., 43 percent lost between £30,000 to £50,000.
- Legal and mitigation costs. In the U.S., approximately 30 percent spent between $38,000 to $63,000 and 11 percent spent up to $95,000. In the U.K., 33 percent spent between £20,000 to £40,000.
“Companies are grappling with the security fallout from an unexpected shift to remote work, but it’s business as usual for cyber criminals and foreign adversaries with unprecedented opportunity,” said Steve Moore, Exabeam chief security strategist. “The rise in attempted cyber attacks while companies experience staff reductions is a harsh reminder of the security and financial challenges created by the pandemic.”
In addition to furloughing security team members, 70 percent of U.S. companies and 42 percent of U.K. businesses in the study enacted hiring freezes during March through June 2020, Exabeam said. Here’s some more data:
- 29 percent of U.S. companies and 36 percent of U.K. companies furloughed two security team members. Nearly 29 percent of U.S. teams lost one to redundancy, and 33 percent of U.K. teams lost two.
- Only 22 percent of the total respondents listed staff shortages as the biggest challenge in mitigating threats while working remotely.
- On average, 60 percent of respondents in both regions deferred planned investments in security technology.
Overall, U.S. companies reported greater impacts such as distractions in the home, learning curve with new applications and tools, and blurred lines between work and personal computers than U.K. companies. The specific area with the widest margin was individuals’ false sense of safety and/or privacy, Exabeam said.
Exabeam is among others warning of layoffs paring IT security teams. In late May, industry analysts alerted cybersecurity teams to brace for upcoming budget cuts as the economic jolt from the pandemic prompts businesses to reevaluate their overall spend.