Deloitte study: nine out of ten organizations reported at least one cyber incident or breach last year

Press releases

Deloitte study: nine out of ten organizations reported at least one cyber incident or breach last year

11 April 2023

Nine out of ten organizations (91%) reported at least one cyber incident or breach last year, according to Deloitte 2023 Global Future of Cyber Survey, and more than a third (38%) between six and ten events. The study also points out that the frequency of cyber incidents varies depending on the level of cyber maturity of the organization, more low cyber maturity organizations experiencing over ten events (21%) compared to the mature ones (13%). Organizations’ cyber concerns also differ depending on their level of maturity, the more advanced ones being preoccupied mainly about cyber criminals and terrorists, as well as phishing, malware, and ransomware attacks, while low and medium-maturity companies have greater concerns about denial-of-service attacks.

In the context of these incidents, operational disruption (58%) is the most significant impact for organizations, followed by loss of revenue, of customer trust and negative brand impact, with 56% of respondents reporting that they suffered related consequences to a moderate or large extent.

“The cybersecurity threat landscape is becoming more complex every year and ranges from ransomware, still considered one of the main threats, according to the EU’s agency for cybersecurity ENISA, malware and supply chain attacks, to social engineering threats. The most impacted sectors are public administration and governments, digital services providers, financial services, as well as the general public, according to the same source. Organizations are increasing investments to boost cybersecurity maturity, a trend also visible in our country and which is projected to continue. But investments need to be accompanied by efforts to build a proper culture inside the organizations through awareness and communication, planning of the cyber strategies and actions to retain their experts,” stated Andrei Ionescu, Consulting and Risk Advisory Partner-in-charge, Deloitte Romania, and local leader of the cybersecurity practice.

Organizations are aware of the importance of planning in creating cyber strategies that effectively mitigate risks and drive business value, as almost two thirds of them (62%) have an operational and strategic plan to defend against cyber threats. The highly mature ones stand out in this respect, reaching 91%, the study highlights. Additionally, more than half of the surveyed companies have an annual cybersecurity awareness training among the employees (59%) and a cybersecurity incident-response plan that gets updated and tested annually (58%).

Beyond planning, attracting and retaining the right talent is an important factor in creating successful cyber strategies and companies are taking meaningful steps in doing so, the study shows. In order to engage, retain and develop existing talent, companies mainly offer access to training and certifications programs (54%), flexible and hybrid working options (50%) and specialized career paths (45%).

The report also shows a clear connection between cyber activities and a series of benefits, including trust. For organizations with a high level of cyber maturity, improved brand reputation (64%) and improved digital trust for customers and employees (62%) are among the top benefits of their cyber actions. At the opposite end, low cyber mature companies see significant gain in areas such as confidence in tech integrity (35%) and customer trust and brand impact (31%).

The latest edition of Deloitte Global Future of Cyber Survey focuses on the opinions of more than 1,000 cyber decision-makers across 20 countries from EMEA, North and South America and Asia Pacific. The report captures the increased impact that cybersecurity has on businesses.

Deloitte Romania’s cybersecurity team is specialized in strategy, including cyber crisis exercising and deep dive assessments, defense, including identity and access management services, security operations, proactive and reactive incident management processes and technologies, and attack, revolving around penetration testing, such as red-team testing (TIBER-EU).

The team is an active player during top cyber exercises organized in Romania. In the last years, Deloitte Romania has been one of the very few private organizations selected to participate, alongside the Ministry of National Defense, in the annual exercises organized by NATO. In 2022, Deloitte’s cyber team participated in one of the largest cybersecurity exercises organized in Romania by the National CYBERINT Center within the Romanian Intelligence Service. In addition, the local cybersecurity experts, who own tens of specialized certifications, provide internationally recognized trainings through Deloitte Academy, the professional training unit of Deloitte Romania. Deloitte is an official Authorized Training Center (ATC) in Romania for the International Council of E-Commerce Consultants, also known as EC-Council.

At a global level, for the eleventh year in a row, Gartner ranked Deloitte the leader in security consulting services by market share.

Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. The firm’s professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Its objective is to make an impact that matters through its 415,000 people worldwide.

Deloitte Romania is one of the leading professional services organizations in the country providing, in cooperation with Reff & Associates | Deloitte Legal, services in audit, tax, legal, consulting, financial advisory, risk advisory, business processes as well as technology services and other related services, through over 3,000 professionals.