Increase in Organisational Data Breaches


Splunk in collaboration with Enterprise Strategy Group have released the State of Security 2023, an annual global research report that examines the security issues facing the modern enterprise.

More than 1,500 security leaders participated in the survey, revealing they’ve continued to see an increase in cyberattacks and unplanned outages.

According to the report, over half (52%) of organisations say they have suffered a data breach in the past two years, an increase from 49% in 2022 earlier and 39% in 2021.

In addition, 62% of respondents report that their business-critical applications have suffered from unplanned downtime due to a cybersecurity incident on at least a monthly basis, an increase from 54% in 2022.

Key Singapore findings from the report include:

  • Companies are increasing investment in security at a lower rate than their peers: Just 27% say that their organisation will increase spending significantly over the next 12-24 months (vs 59% across the rest of the world).
  • Local companies are less likely to report software supply chain security as a top area of focus for the coming year (23% vs 33% in the rest of the world).
  • Only 38% of Singapore organisations say they’ve significantly increased their focus following recent software supply chain attacks (vs 70% of respondents in the rest of the world).

●       Companies are less likely to say that their organisation has implemented, or increased investment in, key controls to help with ransomware.

  • Only 17% implemented ransomware detection rules (vs 26% in the rest of the world)

●       Companies across the APAC region prioritise investment in staff training and commercial security controls to overcome talent challenges.

Globally, the report has also found:

  • Bad actors are going unnoticed on corporate networks for extended periods of time. On average respondents report over two months (2.24) go by from when a bad actor gains access to when appropriate parties are aware of it.
  • The mean number of outages an organisation faces  is ~22 per year. The costs of this downtime consumes roughly 2.7% of annual revenue. According to Splunk’s recent Resilience Pays Off global research report, this downtime can cost organisations roughly $365,000 per hour.
  • Security incidents are an existential threat. Over a third (39%) of the respondents say cybersecurity incidents have directly harmed their competitive position. In addition, 31% say cybersecurity incidents have reduced shareholder value.

While enterprises face major cybersecurity obstacles, many organisations are taking steps to address these challenges:

  • Security teams are spending more. 95% of the respondents say their security budgets will increase over the next two years, with 56% saying their budgets are increasing “significantly.”
  • Cybersecurity is a team sport. 81% of organisations say they are converging aspects of their security and IT operations together. Respondents believe that this convergence will help with the overall visibility of risks in their environment (58%) and that they will see improved cooperation in threat identification and response processes (55%).
  • Organisations focus on protecting their supply chain. 95% of respondents say they have increased their focus on third-party risk assessments.
  • Data is the answer. 91% of respondents agree that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks.

“In the organisations we’ve worked with, resilience has been strongest with a collaborative approach in everything, from software development and infrastructure monitoring to business continuity planning,” said Ryan Kovar, Distinguished Security Strategist for Splunk and Leader of SURGe. “This approach brings everyone to the table, including security leaders with IT and business leaders, so they all can focus on protecting the organisation.”

The global survey was conducted from mid-November 2022 through early January 2023 and in partnership with the Enterprise Strategy Group. The 1,520 respondents, IT and security leaders and practitioners who spend more than half their time on security issues, were drawn from ten regions: Australia, Canada, France, Germany, India, Japan, New Zealand, Singapore, the United Kingdom and the United States.

You can read the full report here.