Researchers have closely examined the increasing threats tied to supply chain and AI-powered attacks in the third annual cybersecurity survey. Both small businesses and large enterprises are facing a significant impact from ransomware, as attackers have refined their tactics, leveraging generative AI to enhance phishing attacks and focusing on supply chain disruptions. Nearly half (48%) of survey respondents reported that their company had experienced a ransomware attack at some point, with almost three-quarters (73%) encountering one this year.
Alarmingly, about half (46%) of those affected ended up paying the ransom, with payments ranging from $1 million to $5 million for 31% of them. SMBs have been targeted more frequently than large enterprises, underscoring the necessity for robust defenses across organizations of all sizes. Supply chain vulnerabilities have become a central concern, with 91% of respondents worried about downstream software supply chain attacks.
Significant breaches affecting companies like Change Healthcare and CDK Global have heightened these concerns, pushing nearly half of businesses to consider changing vendors. Among those affected, 62% reported attacks sourced from software supply chain partners, prompting 90% of respondents to plan enhanced collaboration with software suppliers to improve security practices over the next year. AI-powered attacks are also on the rise.
Almost half (45%) of respondents noticed an increase in phishing attacks due to AI, and among companies hit by ransomware, 69% observed a noticeable surge.
Cybersecurity trends in 2024
The proliferation of AI usage among cybercriminals has made many organizations feel more vulnerable, with 55% believing their risk of ransomware attacks has increased.
As cybersecurity threats evolve, companies are ramping up their investments in defense mechanisms. Regulatory compliance and cyber insurance requirements are key drivers for this increased investment, as underscored by 37% of respondents. About 72% of firms now have cyber insurance coverage, recognizing its importance against the financial risks of sophisticated cyber threats.
Moreover, 91% of respondents require employees to participate in security awareness or phishing training. In 2024, the frequency of such training increased, with 66% of companies conducting it at least quarterly, up from 39% in 2023. This reflects a growing recognition that employees play a critical role in mitigating cyber threats, with 88% of respondents considering current security awareness programs effective in addressing AI-related risks.
Grayson Milbourne, the Security Intelligence Director, continues to advocate for improved security measures and third-party testing standards. He actively participates in the cybersecurity community, speaking at events like RSA and Virus Bulletin, and contributes to public awareness through various media engagements. The findings from the 2024 Global Ransomware Survey highlight the paradox where increasing cybersecurity investments coexist with persistent ransom payments.
To break the cycle of ransomware, companies must focus on robust cyber resiliency strategies rather than yielding to attackers’ demands.
