The investigations follow one another, the cyber threat remains. The latest annual barometer from the Club of Information and Digital Security Experts (Cesin) reports pressure measures observed in French companies.
Thus, according to this study by questionnaire conducted among the 328 members of the association, generally IT security managers of large groups or mid-sized companies, the number of cyberattacks seems to be decreasing.
Less than one in two companies (45%) would have experienced a successful attack with significant repercussions. This reported figure was 54% in 2021 and 65% in 2019. Ransomware attacks are also said to be down slightly, with less than one in five companies affected. Specifically, 14% of respondents report such an attack, up from 18% last year.
An “always very present” threat
But this downward trend, also noticed by Anssi, must however be moderate. Thus, for about two-thirds of respondents, the number of successful ransomware attacks remained stable. And for 24% of respondents who declared at least one attack last year, the phenomenon is on the contrary “increasing”.
The computer threat therefore remains “always very present”, sums up the Cesin in a general way. Half of the respondents also consider that “the level of threats in terms of cyber espionage is high”, while the assessment of computer attacks remains worrying, with 60% of the deplored attacks which “have a strong impact on the business”.
The first attack vector is unsurprisingly phishing, the gateway in 74% of attacks suffered. The attacker also passed in 45% of the attacks by exploiting a flaw, while in 24% of the cases it is an intrusion by rebound via a service provider.
Slightly increased budgets
Although the association remains cautious in its conclusions, it nevertheless notes that “anticipation seems to bear fruit as awareness-raising policies, investment in protection tools, the capacity to detect and manage incidents, or crisis training.
Other good news, noted by Cesin, the “budgets allocated to cybersecurity are still increasing slightly”, with 45% of respondents benefiting from a budget greater than 5% of the envelope devoted to IT. Similarly, respondents are three-quarters confident in the commitment of their executive committee, a key point in an effective cybersecurity strategy.