A new survey of executives sheds light on how well organizations fared against cyberattacks in the last 12 months, as well as which attack vectors are expected to drive future breaches.

I’ve spent quite a bit of time here writing about the experienced and expected continued increases in cyberattacks due to the evolution of cybercrime-as-a-service, the partnerships between cybercriminal groups, and the increased sophistication of attacks.

In other words, cybercrime now operates fully like a legitimate business.

A new survey of executives from cybersecurity analysis vendor ThoughtLab gives us a view into what transpired in 2021 and what execs expect moving forward. In their newly released report, Cybersecurity Solutions for a Riskier World, we see that both cybersecurity incidents and “material” breaches increased in 2021:

  • Organizations experiencing a cybersecurity incident grew 15% in 2021 over 2020, with just over one-quarter of organizations (26.2%) being involved in an attack
  • While material breaches were far less common, the percentage of organizations experiencing them in 2021 (0.82%) was a 24% increase over 2020

And when asked whether their organization is “well prepared for today’s rapidly changing threat landscape”, on average 27% of all executives said they weren’t, with 40% of CSOs feeling even more strongly about their lack of preparedness.

When asked which types of attacks were responsible for the breaches, as well as which ones pose the highest risk over the next two years, a pattern of risk begins to emerge:


The two highest risks for the foreseeable future are also two of the main causes of recently experienced breaches. All of them involve the unwitting participation of your users. And if you consider that the top initial attack vector in ransomware attacks is phishing, you can count some part of ransomware as involving users as well.

What’s needed to protect organizations from future attacks is to prepare users. Prepare them for phishing, vishing, SMiShing, and social engineering – all commonly used methods of tricking users into engaging with the malicious content that is the catalyst for breaches. It’s only through Security Awareness Training that users begin to understand how attacks work, what tactics are used, and how to identify a malicious piece of content in email or on the web, reducing the likelihood that users will engage and help the attacker.