Closely behind these two leaders are advanced ransomware attacks (25%), internal attacks (25%) and compromise of business emails (23%). These results also indicate that companies need to take seriously not only external threats, but also internal risks, such as the unintentional or malicious actions of employees or partners.
We asked the same group of people how spending on IT security had developed in 2023 compared to 2022. A full 52% said that it had increased, in 43% spending had remained roughly the same and in just 2% of companies it had decreased. 3% of respondents said they were not sure how spending had developed. The result can be interpreted as a clear sign of growing concern about cybersecurity. The following measures were taken to respond to this:
Formal cybersecurity risk assessments (40%) and data classification (39%) : poland telegram data These two measures are the most common and reflect companies' desire to systematically assess their security risks and classify data according to its sensitivity.
Zero-trust network security (31%) and network segmentation (27%) : These technical approaches show that many companies are using advanced strategies to secure their networks and control access to sensitive areas.
Privileged Access Management (PAM, 28%) : Another important aspect is the management of privileged access, which addresses awareness of the risks of insider threats.
Network honeypots/honeytokens (26%) : This method is used to attract and distract attackers in order to detect attacks early.
Request for software inventory lists (SBOM) from software providers
Cybersecurity in Companies
Although the number of companies that have not taken specific security measures is small (5%), this means that there are still companies that remain unprotected.
In order to paint a picture of the current threats in the area of IT security, we spoke to all participants about a number of important security risks such as data breaches, vulnerability to phishing and ransomware.