10 Reasons Why Cyber Threats Are Increasing

Anyone who has followed industry research over the past decade knows that cyber security incidents have grown significantly year after year, affecting organisations of all sizes. Large‑scale global surveys by organisations such as PwC have consistently shown sharp rises in the number of cyber security incidents worldwide.

These findings highlight the scale of modern cyber activity, with organisations experiencing cyber attacks at persistently high daily volumes.

If any organisation believes it can completely avoid cyber attacks, it is underestimating how targeted and persistent today’s threats have become.

Cyber attacks are here to stay. In multiple editions of its Global Risks reports, the World Economic Forum has consistently ranked cyber attacks among the most likely global risks facing businesses and governments alike.

It should come as no surprise then that industry experts are forecasting continued large spikes in information security threats in the coming years. Below are 10 reasons why cyber threats are increasing and why businesses should take both digital and physical information security seriously.

1. Cyber criminals are clever. They are increasingly targeting small and medium sized companies as a way to get to larger organisations. While large companies have bigger volumes of valuable information, they typically have better security processes in place too. But they don’t always do a good job monitoring their partners, suppliers and supply chain. The PwC research shows a 64% spike in the number of incidents detected by medium-sized organisations.

2. The numbers aren't accurate anyway. Many companies are unaware of attacks. Industry research suggests that as many as 71% of compromises go undetected, while others don’t report them.  

3. Information security still doesn’t get the respect it deserves. Research, including Shred‑it’s State of the Industry shows that businesses in the UK can be complacent about their security policy, data destruction, and data protection laws. The PwC survey found that global information security budgets had decreased by 4% compared with the previous reporting period.

4. Lack of training. Just 51% of respondents provide security awareness and training, down from 60% in the previous survey period.

5. Lack of leadership. Only 49% of respondents have a cross-organisational team dedicated to information security.

6. Insiders. Almost one-third of respondents said insider crimes (whether malicious or accidental) are the most costly and damaging, yet many companies do not have a programme in place to deal with insider security threats.

7. Legalities. 75% of respondents to the cyber crime survey do not involve the law when cyber crimes are committed by insiders. This can increase the risk for other organisations if individuals involved are employed elsewhere in the future.

8. Service providers, consultants, and contractors. The percentage of incidents involving current and former supply‑chain employees shows an increase of almost 20%, while just 54% of respondents to the PwC survey report having a formal policy requiring partners to comply with privacy policies.

9. Lack of talent. There have been reports of a shortage of experienced security professionals. The most skilled candidates are hired by bigger organisations. 

10. Connectivity. The Internet of Things is the massive network of gadgets, household appliances and personal products (think baby monitors, home thermostats, TVs, heart rate monitors) that interconnects information, operational and consumer technologies. PwC research indicates a growing number of attacks targeting connected consumer devices. Many of these devices lack security safeguards.

Alongside these factors, emerging technologies are also shaping the threat landscape. The growing use of artificial intelligence and automation is enabling cyber attackers to operate at greater scale and speed, making attacks such as phishing, reconnaissance, and malware distribution more sophisticated and harder to detect.

Physical information security still matters