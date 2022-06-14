|
CED Report: As Cyberattacks Intensify, Keeping the US Resilient Will Require Closer Public-Private Cooperation
NEW YORK, June 14, 2022 /PRNewswire/ -- Today, the Committee for Economic Development, the public policy center of The Conference Board (CED), issued a new Solutions Brief, Securing Cyberspace in an Era of Evolving Threats. The report—the latest in a series on Sustaining Capitalism—illustrates the ever-growing threat of cyberattacks, especially ransomware attacks, and looks at the factors that make it harder to secure against such threats, including a talent gap. It also includes several recommendations for bolstering cyber protection and resilience and building a cyber workforce and talent pipeline.
The report's central theme is that leaders in the public and private sectors must work more closely together to better secure cyberspace. That will mean sharing information, collaborating against accelerating threats, and working in tandem to train a cybersecurity workforce large enough to protect Americans and their data. A cyberattack occurs in the United States every 39 seconds, a frequency that is only expected to increase, especially because the COVID-19 pandemic accelerated the use of cloud services and other digital technologies.
"Cybersecurity is no longer just an issue for the IT department, but is now a critical responsibility for CEOs, c-suites, and boards in all organizations," said Dr. Lori Esposito Murray, President of CED. "This responsibility won't be met effectively without more robust coordination and partnerships between public- and private-sector leaders—spanning major corporations to smaller businesses to the federal government to state and local governments. Cyber threats are growing in numbers, complexity, and intelligence, underscoring the importance and urgency of acting against cyber criminals while also making our systems significantly more resilient."
Key insights from the Solutions Brief include:
Cyberattacks are increasing in frequency and seriousness
- A cyberattack occurs in the US every 39 seconds.
- Ransomware poses a particular threat, having been used in 60 percent of malware attacks on companies in 2021—up from 45 percent in 2020.
- 76 percent of companies report having been victimized by ransomware.
- In 2021, 90 percent of ransomware attacks on businesses impacted their ability to operate.
- In 2021, in 68 percent of attacks, cybercriminals distributed ransomware by email or social engineering (e.g., phishing, baiting, scareware).
- Experts predict that, by 2031, ransomware will cost $265 billion globally, up from $20 billion in 2021.
Cybercriminals are varying their targets and methods
- Attacks on large organizations are usually targeted, with a goal of stealing sensitive data and potentially demanding a payment.
- While attackers have traditionally used a random, "spray-and-pray" approach to attack smaller companies, they are increasingly targeting those businesses as data becomes more valuable.
- In 2021, 74 percent of all cyberattacks were targeted, up from 70 percent in 2020.
- According to one estimate, 74 percent of all money made through ransomware attacks went to Russian hackers.
- Cybercriminals have also started targeting supply chains to maximize the impact they have on organizations that they attack.
- The three most frequently attacked sectors in 2021 were government (16 percent), healthcare (11 percent), and manufacturing/industry (10 percent).
The US faces a cybersecurity workforce deficit
- 88 percent of businesses hit by ransomware report that they have an insufficient cybersecurity budget, with the same percentage saying that they don't have enough cybersecurity workers.
- The US added more than 260,000 cybersecurity jobs in 2021, a 30 percent increase. But as of early May 2022, there were 600,000 vacant US jobs in the sector.
- On average, 50 percent of hiring managers believe that applicants are not well-qualified, which helps explain why it takes six months to fill a new cybersecurity position.
Key recommendations from the Solutions Brief include:
In its Solutions Brief, CED makes several recommendations for public/private collaboration to improve cyber protection and resilience, broken into seven sub-recommendations, and on building a robust cybersecurity talent pipeline:
- Strengthen cyber protection and resilience. This recommendation has seven components:
- Build a robust cyber workforce and talent pipeline:
