The number of cyberattacks in Europe has grown significantly this year, highlighting the urgent need for organizations to develop security strategies to protect operations and financial profile, according to a new report from Moody's investors Service.
The report noted that Russian invasion of Ukraine is a contributing factor, with around 38% of attacks related to it. But the conflict is not the only reason for the acceleration. Moody’s also found that the number of attacks that are unrelated to the conflict in the first nine months of 2022 is already more than double the number it reported in all last year.
“Increasing digitalization across industries creates a higher number of potential targets as well, and that is unfortunately intensively used by hackers,” Dirk Goedde, VP senior analyst at Moody’s told SC Media in an email.
The report also found that the public sector has a higher number of attacks because it is mostly affected by distributed denial of service attacks, while private companies suffer more severe operational and financial consequences. Attacks such as ransomware and data breaches generate higher costs to companies in the private sector.
“Because of the prevalence of ransomware, where employees are lured to click on links, the need to invest in cyber awareness and training is clear,” the report added.
Moody’s has yet to take a negative rating action in Europe, the Middle East and Africa (EMEA) that was caused by a cyber-criminal activity since the financial fallout from each attack has not been substantial enough to damage credit quality in a lasting way. But the company noted that the acceleration in attacks may harm profitability.
“We believe there are unavoidable side effects, such as higher cyber defense costs or lawsuits,” the report explained. “For high-profile incidents that involve data from a large number of customers, we see a risk of collective lawsuits that may, in aggregate, be significant.”
On a positive note, Moody's survey showed a rise in companies' awareness and preparedness in response to elevating cyber threats, with 87% of assessed organizations in EMEA having a manager whose responsibility includes managing cyber threats. The financial sector is the most prepared of all industries, with all companies having a cyber manager. The sector also has a higher budget, with financial service companies spending 7% of their IT budget on cybersecurity compared with the median of all sectors at 5%.
“The financial sector has a higher degree of digitalization which creates necessity to have a higher IT budget,” Goedde said. “They also spend more given the highly sensitive business model.”
To further defend the evolving cyber landscape and secure emerging innovative technologies, the European Union (EU) is proposing a revision of the current directive on security of network and information systems.
In the updated directive, the EU will implement several significant changes, such as generating greater capabilities in terms of higher level of supervision and enforcement, building closer collaboration between EU member states to better coordinating vulnerability disclosures, and setting higher security requirements.