OBS Report: State of Cyber-Insecurity
Cyberattacks on company executives are increasing
- In the 2024 Global Cybersecurity Index, Spain ranks among the top positions globally and above the European average.
- Cyberattacks increased by 28% in the first quarter of 2024, with the healthcare sector being especially targeted.
- Phishing remains the most common attack: 3.4 billion emails are sent every day.
- Organizations allocate 10.9% of their IT budget to cybersecurity, averaging $2,700 per employee annually.
- By 2026, the global cost of cybercrime will exceed $20 trillion.
September 2024. OBS Business School publishes the report State of Cyber-Insecurity, led by Ramón Miralles, a lawyer specialized in the ICT sector and a professor at the school. The report analyzes cybersecurity trends, protection priorities, and the most frequent cyber incidents. During the first quarter of 2024, cyberattacks increased by 28% globally. This situation is expected to worsen, with 41 billion devices worldwide predicted to be connected to the network by 2025. Cyber incidents not only impact the organization's operations and cause financial losses but also affect the brand's reputation with customers and in the market where it operates. Preserving customer trust in digital services, as well as ensuring access to services and business continuity, are no longer solely strategic issues but fully operational ones.
Most common attacks of 2024
Email phishing remains the most common cyberattack. Around 3.4 billion emails with malicious content are sent daily, a type of attack responsible for 90% of data security breaches and the source of a significant portion of ransomware incidents. It is estimated that in 2023, 1.7 million ransomware attacks occurred daily, 71% of which targeted organizations. Notably, up to 60% of the companies affected paid the ransom to recover their data, with the healthcare sector bearing the highest costs as a result.
The report predicts an increase in cyberattacks and potential threats targeting executive profiles within organizations. It also states that AI-driven attacks will rise, as will the severity of their consequences. The report treats “multivector” attacks, which combine different techniques, almost as a default. Even AI systems themselves will be targeted by cyberattacks, particularly so-called “adversarial attacks,” where deceptive data is introduced into AI models to induce distorted outcomes.
Cyberattacks related to geopolitics and disinformation are also becoming increasingly significant as a consequence of international conflicts (armed and commercial) and internal political tensions within countries. In this context, social media will continue to be the main vehicle for dissemination.
Key Figures
Although they are challenging to measure, the costs resulting from cyber incidents this year are estimated to reach $4.88 million, a 10% increase from last year. However, organizations that have already implemented significant AI deployments for security purposes experience much lower impacts. It is projected that by 2026, the global cost of cybercrime will exceed $20 trillion.
Currently, organizations allocate approximately 10.9% of their IT budget to cybersecurity, which averages around $2,700 per employee. The three European countries with the highest levels of cybersecurity are the United Kingdom (ranking second globally), Estonia, and Spain, while San Marino, Andorra, and Bosnia and Herzegovina lag behind.
Cybersecurity Trends
Regulation is a fundamental pillar in Europe, establishing a high common level of cybersecurity across the Union. This regulation compels organizations to improve processes for managing security breaches: they are required to report security incidents to the relevant authorities and, in some cases, inform customers and users who may have been affected. As a result, cybersecurity insurance will become more prevalent in organizational strategies, with coverage extending specifically to executives, middle managers, and department heads, emphasizing cyber resilience.
Moreover, the deployment of AI within organizations is already a growing risk factor. However, the report suggests that this will not shift the current balance of power, as AI will be a tool used both by cyberattackers and cyber defenders.
Protection Priorities
One of the most evident changes that will directly impact users of information systems is the adoption of authentication systems that will not rely on the traditional username and password combination. These are known as multifactor and biometric systems, which, although a good solution, will also create tensions concerning privacy regulations.
Advancements driven by AI and its convergence with other technologies are already leading to substantial developments in deepfake techniques—videos that display false images (usually of a person's face) created with artificial intelligence that appear to be real. Therefore, it will be essential, especially in critical environments, to develop and implement detection measures.
Regarding communication and mobile infrastructures, while they have improved in terms of cybersecurity, their protection is still inadequate. The trend toward hybrid infrastructures (a combination of cloud solutions and on-premises servers) necessitates prioritizing protective measures that account for the coexistence and integration of both environments. To this end, there will be a strong deployment of cloud-native application protection platforms (CNAPP), which requires a redesign of application security.
Finally, it will be crucial to identify and analyze the specific threats each organization faces and delve into details to manage the real risks these threats entail. From a cybersecurity governance perspective, organizational frameworks should be employed to address the cybersecurity needs of each organization at a high level, particularly strengthening the oversight of cyber insecurity that senior management must assume. The objective is to continue working towards establishing a cybersecurity culture that permeates the entire organization.
Content written by:
Carmen García-Trevijano
OBS Business School's Press Office