- Ten threat actor groups fuel 44% of global cyber incidents
- 24% of cyber incidents originate from China, with Russia accounting for 15%
- SecurityScorecard threat hunters analyze 6.3 million organizations across 189 countries
GENEVA–(BUSINESS WIRE)–SecurityScorecard, a global leader in Security Ratings, released the world’s first Cyber Resilience Scorecard at the World Economic Forum Annual Meeting. The Cyber Resilience Scorecard provides an unprecedented view of global cybersecurity risk, arming leaders with data-driven insights to safeguard the world’s economies.
Key findings include:
Top 10 threat actor groups: The adversaries behind 44% of incidents
The same 10 threat actor groups are behind 44% of worldwide cyber incidents, including notable names like Cobalt Group, Sandworm Team, and the notorious АРТ28 hacking group, also known as Pawn Storm, Fancy Bear, and BlueDelta.
Geopolitical hotspots: Operational infrastructure concentrated in China and Russia
Threat groups operate globally, but their operational infrastructure is concentrated in some countries more than others, with 24% originating from China and the Russian Federation accounting for 15%. These insights shed light on the geopolitical dimensions of cyber conflict.
High-risk sectors: Tech titans in the crosshairs
Information services and technology industries experienced the majority of cyber incidents, closely followed by critical infrastructure, including telecommunications, financial services, and government. This concentration of risk emphasizes the importance of collaborative cyber risk management, as these high-risk sectors face and contribute to rapidly increasing cyber risk.
Interconnected supply chain risk: Navigating a complex matrix
The intricate interdependence among various industries within the supply chain further complicates the cybersecurity landscape. As cited by the new SEC cybersecurity incident disclosure requirements, SecurityScorecard research found that 98% of organizations use a third party that has been breached.
Rob Knake, former Deputy National Cyber Director in the United States, noted: “Policymakers globally need to find new methods to assess national resilience and evaluate if policies and programs enhance cyber resilience. You can’t manage what you don’t measure. This inaugural Global Cyber Resilience Scorecard provides a groundbreaking benchmark that global leaders can use to continuously assess cyber defense efforts and communicate clearly with global stakeholders in understandable terms.”
Cybersecurity transparency builds resilience
According to Gartner,® “transparency delivers a 53% improvement in third-party cyber risk management effectiveness.”1 Similar to credit ratings, Security Ratings provide global leaders with a shared framework for cybersecurity risk management. Notably, organizations with an F rating are 7.7 times more likely to experience a breach than their A-rated counterparts.
Dr. Aleksandr Yampolskiy, CEO and Co-Founder, SecurityScorecard, stated: “Progress starts with precise measurement. And until recently, cybersecurity lacked effective measurement. As the World Economic Forum convenes to address the imperative of rebuilding trust, Security Ratings arm global leaders with a universal language to be relentlessly data-driven in managing cybersecurity risk. By establishing clear KPIs, we can enhance cyber resilience, ultimately renewing trust in our digital ecosystem.”
The Cyber Resilience Scorecard was created by analyzing cybersecurity scores for 6.3 million entities in 189 countries across 17 regions worldwide. SecurityScorecard continuously updates Security Ratings for over 12 million entities, monitoring 250+ cybersecurity signals. Data scientists correlated the 6.3 million cybersecurity scores with the International Monetary Fund 2022 GDP per capita data to assess the cyber risk and economic correlation.
For more in-depth information and access to the Cyber Resilience Scorecard 2024, please visit: https://resources.securityscorecard.com/wef-2024/cyber-resilience-scorecard
Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.
Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.
SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
1 Gartner: Podcast: Wrangling Third-Party Cyber Risk Management; November 20, 2023, Christopher Mixter and Rahul Balakrishnan.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.