Partnership costs: third party incidents became most costly enterprise data breaches in 2021

The latest edition of Kaspersky’s annual IT Security Economics report reveals the growing severity of cybersecurity incidents affecting businesses through suppliers that they share data with. The average financial impact of such an event for an enterprise reached $1.4 million globally in 2021, which makes it the most expensive type of incident, even though it did not reach the top five incidents last year. The overall ranking of losses from different types of attack has also changed significantly since 2020.

Attacks where global businesses are affected through their contractors have become a clear trend. Business data is typically distributed across multiple third parties including service providers, partners, suppliers, and subsidiaries. As such, organisations need to consider not only the cybersecurity risks affecting their IT infrastructure but those that can come from outside it.

According to the survey, almost a third (28%) of large organisations in Europe suffered attacks involving data shared with suppliers. This number hasn’t changed significantly since the 2020 report (when it was at 29%). The financial impact has also risen since last year, when it was at $839k.

In Europe specifically, cryptomining attacks were the most harmful in terms of financial impact, with losses of $2.1 million; ransomware attacks were in second place, with a financial impact of $2.07 million. The third most impactful data breach for organisations in Europe was inappropriate IT resource use by employees, with a financial impact of $2.04 million.

The average financial impact of any attack has also increased as a result. It showed a notable 31% increase compared to last year’s results – $1.1 million in 2021 versus $839k in 2020 – and increased 17% from the figure in 2017 ($938k).

“The severity of cybersecurity attacks highlights the need for organisations to take the risk of a breach involving shared data with suppliers into account, when assessing cybersecurity needs for their businesses. The pandemic has changed the threat landscape and organisations should be ready to adapt to it. Companies should grade their suppliers based on the type of work they do and complexity of access they receive (whether they deal with sensitive data and infrastructure or not), and apply security requirements accordingly. Companies should ensure they only share data with reliable third parties and extend their existing security requirements to suppliers. In the case of sensitive data or information transfers it means that all documentation and certifications (such as SOC 2) should be requested from suppliers to confirm they can work at such level. In very sensitive cases, additionally we recommend conducting a preliminary compliance audit of a supplier before signing any contract,” comments Evgeniya Naumova, Executive VP, Corporate Business at Kaspersky.
