European Businesses Anticipate More Cybersecurity Attacks, But Feel Unprepared for Them

Rhea-AI Summary

Cloudflare's latest study, titled 'Shielding the Future: Europe's Cyber Threat Landscape Report,' reveals that 64% of European business leaders expect a cybersecurity incident in the next 12 months, but only 29% feel highly prepared. The study surveyed over 4,000 leaders across 13 European markets, uncovering a significant rise in the volume and frequency of attacks. While 40% of organizations experienced incidents in the last year, industries like IT & technology are better prepared compared to healthcare and education. Financial and reputational damages are substantial, with costs ranging from £788,000 to over £1.576 million per incident. Many businesses are adopting more cybersecurity products, but 72% believe this complexity hampers effectiveness. Furthermore, 58% are in early stages of adopting Zero Trust network access. Despite 54% of businesses expecting increased cybersecurity budgets, challenges remain, including funding, talent shortages, and evolving requirements.

Positive

• 54% of respondents expect increased cybersecurity budgets.
• Two-thirds anticipate a budget rise of more than 10%.
• 25% expect cybersecurity to make up at least 20% of IT spend.
• 49% of IT & technology sector respondents feel highly prepared.
• Financial services and retail sectors also show higher preparedness.

Negative

• 64% of leaders expect a cybersecurity incident within the next 12 months.
• Only 29% feel highly prepared for future incidents.
• 40% experienced a cybersecurity incident in the last year.
• 84% report an increase in attack frequency over the past year.
• 39% cite financial impact as most significant, with losses between £788,000 and £1.576 million.
• 23% faced increased insurance premiums, 22% paid fines, and 23% faced legal action.
• 31% had to put growth plans on hold, and 28% temporarily suspended business operations.
• 72% believe that having more cybersecurity products hampers effectiveness.
• 58% are in early stages of Zero Trust network access deployment.
• 86% believe their leadership lacks understanding of Zero Trust.

Insights

Financial Analyst

This report from Cloudflare provides critical insights into the preparedness of European businesses for cybersecurity threats, with potential implications for various sectors. The reported statistic that only 29% of respondents feel highly prepared could signal heightened future expenditure on cybersecurity solutions. This is supported by the finding that 54% of respondents expect their IT budgets for cybersecurity to increase, with two-thirds anticipating a rise of more than 10%.

For investors, this suggests a likely uptick in demand for cybersecurity products and services. Companies specializing in cybersecurity, like Cloudflare, could see revenue growth in the short and long term as businesses strive to shore up their defenses. However, it is important to note that increased investment in cybersecurity translates to higher operational costs for other businesses, potentially impacting their profit margins.

It’s also noteworthy that businesses with fewer incidents, like those in healthcare and education, have lower preparedness. This paradox might indicate a reactive rather than proactive approach to cybersecurity spending, potentially impacting the pace and predictability of demand for cybersecurity solutions across different industries.

The focus on a European market with diverse industries also hints at regional variations in cybersecurity challenges and spending, which might affect how cybersecurity companies like Cloudflare target their market strategies.

Cybersecurity Expert

The report highlights a significant gap between the expected increase in cybersecurity incidents and the current level of preparedness among businesses. With 64% of leaders anticipating a cybersecurity incident in the next 12 months but only 29% feeling highly prepared, there is a pressing need for improved cybersecurity postures across organizations.

One key insight is that nearly half of the businesses use over 11 different products and solutions, yet 72% find this complexity negatively impacts their effectiveness. This suggests a critical need for integrated, simplified solutions. This market opportunity is notable for companies offering comprehensive cybersecurity platforms or managed services.

Moreover, the slow adoption of Zero Trust network access—only 25% fully deployed—indicates an area where more education and technological integration are needed. For investors, this offers insights into areas where cybersecurity companies can innovate and capture market share.

The focus on ransomware and phishing as primary attack vectors points to the need for enhanced email security and endpoint protection solutions. Companies that can address these specific threats effectively are well-positioned to benefit from the identified gaps in preparedness.

The report also underscores the financial risks associated with breaches, including increased insurance premiums, fines and even layoffs, making a strong business case for robust and proactive cybersecurity measures.

New Cloudflare study reveals that 64% of business leaders expect a cybersecurity incident in the next 12 months, but only 29% feel highly prepared to defend against them

LONDON--(BUSINESS WIRE)-- Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today released a new study focused on cybersecurity in Europe. The report, called “Shielding the Future: Europe's Cyber Threat Landscape Report,” shares the latest data on how organisations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and top challenges.

These new findings reveal an ongoing concern around growing cybersecurity threats and a feeling of unpreparedness among European businesses.

Cybersecurity attacks are increasing in volume and frequency

The survey, which was conducted with more than 4,000 business and technology leaders across 13 European markets (Benelux, CEER, DACH, Nordics, Southern Europe, UK), found that 40% of organisations experienced a cybersecurity incident in the last 12 months.

Of those that suffered such an event, 84% report that the frequency of these events has increased over the same period, with almost one in five (16%) suffering a cybersecurity attack every 6-11 days. Meanwhile, 62% say that attacker dwell time has also increased in the same time period.

Looking ahead, two-thirds (66%) of respondents believe that they will see even more attacks within the next year and a significant 64% say that they expect to suffer a cybersecurity incident within the next 12 months.

Majority of organisations unprepared for cybersecurity threats

Concerningly, despite the increasing volume and frequency of these attacks, only 29% of respondents say they are highly prepared for cybersecurity incidents in the future.

Additionally, industries that had experienced fewer attacks were also among those least prepared. Just 28% of those working in healthcare and 31% of those working in education claimed to have suffered an attack in the last 12 months. For those same industries, the perceived level of preparedness for an incident in the future was low – just 18% and 19%, respectively.

The reverse is true for those in the IT & technology industry. With almost half (49%) being attacked in the last year, however, organisations in this field are seemingly on their guard. Over a third (35%) of respondents from this sector say they are highly prepared for an attack, making it the industry most confident in its ability to deal with an incident, followed by companies in financial services and retail (32% and 31%, respectively).

When looking at organisational size, the lack of preparation by smaller businesses is a particular concern, with only a quarter (25%) claiming to be highly prepared. Medium-sized and large businesses do not fare much better though, with only 27% and 32%, respectively, claiming high levels of preparedness.

The cost of a breach is more than financial

For those businesses impacted by a cybersecurity breach, more than a third of respondents (39%) say that the most significant effect remains financial. More than one in five (22%) claim to have lost revenue following an incident. In addition, 23% have suffered increased insurance premiums, 22% have paid fines, and another 23% have experienced legal action. A further one in five (19%) have been forced to lay off members of the team due to the financial losses experienced in the aftermath of an incident.

Looking at the numbers more closely, almost two-fifths (38%) of respondents say that the financial impact of the incidents they suffered cost between GBP 788,000 ($1M) and GBP 1.576 million ($2M), while a quarter (25%) estimated the loss to be GBP 1.576 million ($2M) or more.

A further 17% said that reputational damage was the most significant effect. Additionally, 31% put growth plans on hold in the aftermath of an incident, while over a quarter (28%) have temporarily suspended business operations.

Businesses aim to simplify and modernise solutions in the face of diverse threats

It’s unsurprising that financial gain was at the heart of many attacks (48%) across the European countries surveyed. However, survey respondents also believe that the threats they have experienced have a much wider range of objectives.

The majority (53%) of those impacted by an incident in the last 12 months say that the main purpose was to plant spyware. And almost half (48%) of those surveyed say that ransomware plants were the main purpose for the attack.

When it comes to the most commonly experienced attack vectors, these too are diverse. Phishing tops the list, with almost three in five (59%) respondents claiming to have seen this approach. That’s closely followed by web attacks (58%) and DDoS attacks (37%). Also prevalent were stolen credentials and business email compromise, with almost a third (32%) having experienced these.

When it comes to tackling these issues, onboarding more products seems to be the go-to response. In fact, nearly half (49%) have more than 11 different products and solutions. The vast majority (72%) believe that this complexity is having a negative impact on their effectiveness, and yet two-thirds (67%) expect the number of tools they adopt to increase in the next 12 months.

Notably, the three most pressing challenges cybersecurity decision makers and leaders face are: consolidating and simplifying cybersecurity estate (48%); modernising applications used by organisation (47%); and modernising networks operated by organisation (42%).

Further education on Zero Trust is required for maximum impact

Respondents report three clear problems in the existing architectures they work with: applications and data stored in the public cloud; limited oversight over IT supply chains; and over-reliance on VPNs to protect applications (with each factor mentioned by 34% of respondents).

Given these problems, it is unsurprising that securing a hybrid workforce is a top priority, coming in the top three for more than a third (36%) of our respondents.

Worryingly, for many organisations, deployment of countermeasures is a long way behind, and in some cases not yet started. Despite widespread recognition of its ability to protect hybrid or remote workers, when looking at deployment of Zero Trust network access, just 25% of respondents say this solution is fully deployed and over half (58%) say that Zero Trust adoption is still in its early stages.

While two-fifths (44%) say they are optimistic about the ability of Zero Trust to consolidate technology upgrades, our respondents also indicated a lack of faith in their leadership teams’ knowledge of the tool. In fact, the majority (86%) believe their leadership does not fully understand it, while nearly one in five (16%) say their leadership has either partial or no real understanding. According to 42% of those surveyed, this lack of understanding is the single biggest barrier to adoption.

Despite increased budgets, funding, talent, and training remain challenges

With business leaders anticipating more cybersecurity incidents, it’s positive to see that 54% of respondents expect their IT budget for cybersecurity to increase in the next year.

A quarter (25%) of business and IT leaders expect cybersecurity to make up at least 20% of their organisations' IT spend in the year ahead. And of those expecting a budgetary increase, two thirds (66%) anticipate a rise of more than 10%.

For the majority, protecting their networks remains the number one investment area, with nearly 24% of the budget allocated to this pillar on average. Despite being the area where respondents see a significant lack of preparedness, devices are set to receive the second lowest allocation of budget share.

In terms of how this budget allocation is decided, the top two determinants were the number of incidents experienced (34%) and the cost of dealing with them (20%), revealing that most organisations appear to remain reactive in their funding allocation decisions.

Funding remains the top concern for 46% of our respondents. However, other concerns, such as a lack of talent (41%) as well as the evolving business requirements and user needs (30%), also keep business and tech leaders awake at night.

Interestingly, despite the increasing volume of attacks, a quarter (25%) cite a lack of buy-in from leadership as a key challenge. With less than a quarter (23%) having not undertaken leadership or general employee training, it is therefore unsurprising that 21% of business and IT leaders rate their organisations' cybersecurity culture as weak or neutral.

“Organisations across Europe are managing an increasingly complex cybersecurity landscape, all while ensuring operational efficiency, regulatory compliance, and uninterrupted productivity. With incidents on the rise in both volume and frequency, this balancing act becomes even more challenging, leaving leaders with a sense of diminishing control over their organisations’ technological and security frameworks,” said Andy Lockhart, Head of EMEA at Cloudflare. “This significant challenge requires innovative solutions capable of integrating diverse technological components into a cohesive and agile framework. The age of siloed legacy infrastructures is giving way to a new model of ‘any-to-any’ cloud platforms, creating catalysts for innovation and growth. By concentrating on strategic integration any-to-any cloud platforms empower leaders to transform technological challenges into competitive advantages. Adopting this approach will help shape a future where connectivity and innovation are at the heart of business success, opening the door to unlimited possibilities,” adds Lockhart.

To find out more about the Europe Cyber Threat Landscape Report, please check out:

• Survey download

Survey Methodology

This survey was conducted by Sandpiper Communications, on behalf of Cloudflare across a total of 4,261 leaders responsible for cybersecurity in small (150 to 999 employees), medium (1,000 to 2,499 employees), and large (more than 2,500 employees) organisations. Respondents were drawn from a wide range of industries: Business & Professional Services; Construction & Real Estate; Education; Energy, Utilities & Natural Resources; Financial Services; Gaming; Government; Healthcare; IT & Technology; Manufacturing; Media & Telecoms; Retail; Transport; Travel and Tourism & Hospitality. Respondents were based in 13 markets across Europe: Belgium, Czech Republic, Denmark, France, Germany, Italy, Netherlands, Norway, Poland, Spain, Sweden, Switzerland, and the United Kingdom (n=207 to 432 per country), and were surveyed online and recruited via general business panels. The survey was aimed at building a better understanding of the threat landscape facing Chief Information Security Officers (CISOs) and their teams across Europe, unearthing valuable insights and trends, and gauging responses and outcomes. The survey was conducted in March 2024.

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare’s plans and objectives, Cloudflare’s global network, and Cloudflare’s products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s Head of EMEA, and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on May 2, 2024, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2024 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240618649444/en/

Cloudflare, Inc.

Daniella Vallurupalli

Vice President, Head of Global Communications

press@cloudflare.com

Source: Cloudflare, Inc.

FAQ

What percentage of European business leaders expect a cybersecurity incident in the next 12 months?

64% of European business leaders expect a cybersecurity incident in the next 12 months.

How many organizations experienced a cybersecurity incident in the last year according to the Cloudflare study?

40% of organizations experienced a cybersecurity incident in the last year.

What percentage of business leaders feel highly prepared for cybersecurity incidents?

Only 29% of business leaders feel highly prepared for cybersecurity incidents.

What are the financial impacts of cybersecurity incidents according to the study?

39% of respondents reported financial impacts ranging from £788,000 to over £1.576 million.

What percentage of businesses are in the early stages of Zero Trust network access deployment?

58% of businesses are in the early stages of Zero Trust network access deployment.

How many European business leaders expect their cybersecurity budget to increase next year?

54% of European business leaders expect their cybersecurity budget to increase next year.