Newsletters
Risk Central
Digital EditionOrganizations Can Cut Malware Impact by Up to 80% With Proper Defenses: Survey
Organizations implementing strong cyber hygiene practices can reduce their likelihood of being impacted by widespread malware events by 50% to 80% through various mitigation efforts, according to a survey of cybersecurity professionals by CyberCube and Munich Re.
Patch management, network segmentation and maintaining current backups emerged as the most effective defenses for reducing the likelihood of being impacted by a malware event, according to the survey respondents.
The survey findings, based on responses of 93 cybersecurity experts, paint a concerning picture of current cyber risk landscapes.
Another global malware event on the scale of WannaCry or NotPetya would not surprise most cybersecurity professionals, the survey found. Those two attacks each affected at most 0.5% of machines worldwide, the survey noted. In contrast, the survey respondents indicated that a 10% global infection rate would be surprising, while a 25% rate would be truly shocking.
Cloud dependency has reached critical levels across industries, with technology-forward sectors like IT, telecommunications, financial services, health care and retail showing high or very high reliance on cloud service providers, according to the report.
Even traditionally low-tech industries such as construction, marine, mining and energy utilities now exhibit at least medium dependency levels on cloud services. Small and mid-sized firms with revenues between $10 million and $100 million demonstrate the highest cloud reliance, the report noted.
Emerging threats are crystallizing around Internet of Things devices and Large Language Model (LLM) artificial intelligence systems, which experts identified as the most immediate cybersecurity risk areas of concern, the report said.
LLMs are already impacting the threat environment by enabling scaled sophisticated spear phishing operations, while also providing defenders with enhanced detection capabilities.
Industry Faces Growing Risk Management Challenges
The CyberCube and Munich Re survey identified gaps in risk assessment and preparedness.
Cloud practitioners consistently rated cloud service provider reliance higher than corporate risk managers did, with cloud experts estimating 40% to 90% of business-critical functions are cloud-based compared to risk managers’ estimates of 35% to 75%. This disconnect suggests varying levels of understanding about cloud criticality within organizations, according to the report.
Malware attack mitigation strategies reveal both opportunities and limitations. Respondents indicated that patch management, network segmentation and maintaining current backups were the most effective mitigation strategies against widespread malware attacks. However, no expert believed that adopting all available mitigation methods could provide complete protection, highlighting persistent residual risk.
“These three controls significantly reduced both the likelihood and impact of malware events, with the former two reducing likelihood and the latter two reducing impact,” the report noted. MDR (managed detection and response) and XDR (extended detection and response) solutions were seen as moderately effective, the report added.
“Although social engineering was rated a top vector for malware, security awareness training was only rated as ‘somewhat effective,’ revealing a misalignment between threat recognition and mitigation confidence,” the survey found.
For cloud outages, experts expect disruptions lasting hours to days, with outages beyond 72 hours considered rare but possible, the report noted.
Financial losses scale dramatically with duration – a single-day outage of the most critical cloud service provider would likely result in losses equal to 1% of yearly revenue, but extending to five days could increase losses by a factor of seven or more for over half of organizations, according to the report.
Strategic Implications for Risk Management
The research is intended to provide crucial data for improving catastrophe modeling of cyber risk where empirical information is limited, according to CyberCube and Munich Re. Insurance companies can now better understand tail risk scenarios and the effectiveness of various mitigation strategies when calculating premiums and coverage limits, the report said.
Organizations should prioritize establishing multi-region architecture with their cloud service providers for critical business applications, as this proved more effective than maintaining multiple providers, the report recommended. The survey found that switching between cloud providers during an outage is largely unfeasible, making architectural redundancy within a single provider’s ecosystem the preferred strategy.
The findings also highlight the need for enhanced coordination between cloud security practitioners and corporate risk managers to align understanding of actual cloud dependencies.
As cyber threats evolve rapidly, particularly with AI-enabled attacks, organizations must prepare for scenarios that extend beyond historical precedents while investing in the fundamental security hygiene practices that can cut risk exposure by half or more.
Obtain the full survey here. &
