Successful cyberattacks on businesses on the decline in 2022

When it comes to cybersecurity, the threat remains ever-present, but companies seem to be resisting it better. That's what CESIN (Club des Experts de la Sécurité de l'Information et du Numérique) reveals in its latest annual survey, assuring us that the number of successful cyber-attacks fell in 2022.

Fewer successful cyber attacks

To gain a better understanding of the perception of cybersecurity and its challenges within French companies, CESIN has been publishing its annual Barometer in partnership with OpinionWay since 2015. The association recently revealed the results of its latest survey of cybersecurity directors and information systems security managers (ISSMs).

According to the CESIN 2023 Barometer, the cybersecurity threat still weighs heavily on businesses, but successful attacks, with significant repercussions for victims, are on the decline. In fact, 45% of companies surveyed suffered a successful cyber attack in 2022, compared with 54% in 2021.

Phishing remains the most common attack vector. In this form of fraud, a fraudster lures an Internet user into disclosing personal and/or banking data by pretending to be a trusted third party. Companies also mention vulnerability exploitation (45%) and rebound attacks via a service provider (24%). It has to be said that the number of vulnerabilities and the public attack surface are constantly increasing.

In 60% of cases, cyber attacks impact the business of the targeted company. 24% of those surveyed stated that they had significantly disrupted production. This is followed by :

  • data compromise (14%),
  • media impact (14%),
  • website unavailability (13%),
  • financial losses linked to fraudulent transactions (9%),
  • lower sales (7%).

Effective tools and greater employee awareness

The fall in the number of successful cyberattacks can be explained by the introduction of more effective protection systems.

" The focus is on incident detection and response tools. Multi-factor authentication is used by 81% of companies, and is deemed to be effective. This is all the more important given that 33% of attacks led to identity theft ", says the Barometer.

On average, nearly 15 solutions and services have been adopted by organizations. The companies surveyed appear to have a good level of confidence in these solutions, with 88% of them judging them to be " fairly suitable ". Budgets allocated to cybersecurity are set to increase again in 2022, with 63% of organizations forecasting an increase dedicated to protective devices.

Employee awareness has also contributed to the decline in successful cyberattacks. According to the survey results, this was cited by 82% of respondents as the number one defensive measure to be put in place by 2022 in the fight against ransomware. Finally, the rate of companies declaring that they have instituted a training program to deal with a cyber crisis is on the rise, at 51%, up from 44% in 2021.