Bengaluru: Amidst rising cybersecurity threats, 81 per cent of security leaders anticipate a cyberattack on their organisations in the next 12 months, while only 48 per cent believe they can prevent it, according to a study by HCLTech, which had a sample size of  1,596 security leaders who are the primary decision makers or influence decision-making related to cybersecurity in their organisation.

“Geopolitical conflicts are spilling over into the digital realm, with nation-state actors using cyberattacks as tools of disruption, spying and influence. Moreover, elections often lead to a surge in politically motivated cyberattacks, including disinformation campaigns, deep fakes, phishing attacks and targeted disruptions of key systems which also extend to industries,” the report said. 

Remarkably, more than half (54 per cent) of them have identified artificial intelligence (AI) generated attacks as the biggest security risk.

Among the various types of attacks, credential theft remained a significant threat, wherein attackers steal login information to gain unauthorised access to systems. This often occurs through AI generated phishing or vishing, social engineering or exploiting weak password policies. 

North America has emerged as the front runner, witnessing the highest incidence of reported attacks at 64 per cent, followed by 57 per cent in Europe and 51 per cent in the Australia-New Zealand region during the October 2023- September 2024 period. 

The industry breakup showed that life sciences and healthcare took the most brutal hit with 62 per cent reporting attacks, followed by telecom, media and entertainment (TME) at 59 per cent and manufacturing at 58 per cent.

On resuming operations in the aftermath of a cyberattack, alarmingly, three fourth of the security leaders faced high to moderate challenges, with TME particularly struggling to recover after a cyberattack. 

Despite the surge in attacks, which causes disruption in operation capacity and even has financial impact, less than half (35 per cent) of security leaders have confidence in their in-house expertise to manage cybersecurity risks, relying more on external sourcing to bolster their capabilities. 

“Additionally, only 37 per cent feel they are effective in communicating their organisation's IT security posture to the board and C-suite, highlighting a gap in both internal expertise and strategic communication at the leadership level,” the report added. 

In response to the rising threats, 63 per cent of security leaders plan to increase cybersecurity investments over the next 12 months. These investments would be made to improve compliance and risk management as well as incident response and recovery capabilities.