In a survey by KPMG auditors, all 903 companies surveyed reported phishing attacks. In nine out of ten companies, someone else has pretended to be a manager in order to cheat the company (CEO fraud). Every tenth attack was successful. Weeks of operational failures followed for almost half of the affected companies.
While cyberattacks are cheap to carry out, the cost to victims is often high. For 12 percent of the companies surveyed, the financial damage was more than 1 million euros, almost half had to raise up to 100,000 euros. “This can be a clear existential threat”, says KPMG partner Andreas Tomek. And the situation is getting worse, writes KPMG director Robert Lamprecht. Almost two out of three companies now regard fake phone calls as normal, everyday business. Every third company has already identified a connection between the Russian war of aggression in Ukraine and cyber attacks on their own company. A good half of the companies surveyed see their business existence threatened by cyber attacks. The increasing interest of the attackers in the critical infrastructure is particularly worrying.
A third of the companies surveyed were victims of blackmail (ransomware), a fifth were affected by deep fakes, i.e. videos or photos that are deceptively real. In the meantime, it is also common to influence one’s professional environment via privately used social networks. And the majority expect cyber attacks to increase in the coming months, the 2023 edition of the study shows “Cyber security in Austria”which was published for the eighth time by KPMG with the Digital Economy Security Forum of the Competence Center for Safe Austria (KSÖ).
Lamprecht points out that different types of threats are being used in parallel and targeted disinformation campaigns are becoming more common. State or state-sponsored attacks (Advanced Persistent Threats, APTs) are a particular challenge for 72 percent of those surveyed.