A new global survey of 1,309 IT and security professionals found that 79 percent of organizations suffered a cyber attack within the last 12 months, up from 68 percent just a year ago, according to cybersecurity vendor Netwrix’s 2024 Hybrid Security Trends Report.

Unplanned expenses resulting from the cyber attack were incurred by 45 percent of those organizations, and 1 in 5 (20 percent) reported losing a competitive edge due to the attacks.

A reported 16 percent said they experienced a decrease in company evaluation, and 13 percent had to deal with lawsuits compared to only 3 percent a year ago, the data showed.

“Growing security awareness at the executive level means a better understanding that the risks of security gaps extend far beyond downtime and data loss. As a result, more organizations are investing resources into audits to investigate the root cause of a security incident to prevent similar events in the future,” explains Ilia Sotnikov, security strategist at Netwrix.

Of those survey, 1 in 6 (17 percent) organizations estimated their financial damage from cyber incidents to be at least $50,000, the report found.

In addition, the share of those who faced no financial consequences dropped from 47 percent to 38 percent compared to last year.

More than half (62 percent) of respondents confirmed having a cyber insurance policy or planned to purchase one within 12 months.

Almost 1 in 5 (19 percent) insured organizations used their policy last year.

“Considering the high chances of a payout request, it’s no wonder the requirements for obtaining a policy have become stricter. The survey shows that insurers are now more likely to require identity and access management as well as privileged access management,” says Dirk Schrader, VP of Security Research at Netwrix. “These solutions significantly complicate the privilege escalation for the attacker and their lateral movement. As a result, the security team has more time to spot suspicious activity and respond to the attack before any serious damage occurs.”

Phishing is still the most common attack vector both on premises and in the cloud, the report found, with 74 percent of respondents suffering this type of cyber attack.

Account compromise attacks in the cloud spiked, with 55 percent of respondents reporting them in 2024, compared to 39 percent in 2023, 31 percent in 2022 and just 16 percent in 2020.

Targeted attacks on premises continue to intensify. The share of those who suffered this type of attack increased by 42 percent, the report found.

Respondents interest in implementing AI tools surged. This year, 28 percent of respondents named it among their top IT priorities compared to only 9 percent in 2023.

“The interest in AI is surging across enterprises – both within the security department and outside. The introduction of AI tools like Copilot to assist with regular business processes raises a new scope of associated security gaps. Since Copilot relies on native access controls within Microsoft 365, it can access all data a user can. If the user has been granted inappropriate access to content, then sensitive information can quickly spiral out of control,” warns Ilia Sotnikov. “Implementing and maintaining a strict least-privilege model is a good start to address the risks associated with Copilot and similar AI-powered business tools.”