A recent Hiscox report revealed that seven in 10 (69%) U.S. companies report an increase in cyberattacks compared to the previous year. The report underscores that cyber threats now pose a greater risk to organizations than bankruptcy, according to the survey.

According to the report, U.S. business leaders consider cyberattacks and data breaches (32%) to be a bigger threat to their organizations than skills shortages (30%) and bankruptcy (27%). With an average of 62 cyber incidents per business each year — or more than one attack or attempt per week — U.S. companies are facing threats as often as many receive company-wide communications from leadership or weekly newsletters.

Suffering from ransomware (32%) or virus outbreaks (37%) proves to be the most common cyberattack outcome for businesses, with 56% also reporting financial losses due to payment diversion fraud and 36% citing loss of encrypted data. As a result, 72% of U.S. companies recognize the importance of cyber resilience as integral to their business strategy.

Paying a ransom offers no assurance of full data recovery; in fact, only 7% of businesses who paid a ransom successfully retrieved all their data, and 10% experienced data leaks despite payment. After an attack, reputational challenges loom, with 43% of businesses struggling to attract new clients due to the damage caused.

Phishing emails appear to still be the primary method of choice for cyber criminals, accounting for 57% of ransomware incidents. Among companies that have faced an increase in their cyber risk exposure, they credit a substantial lack of employee awareness (41%).

Failing to decommission outdated systems was identified as the primary driver of rising cyber risk (47%), with legacy systems presenting greater vulnerabilities than employee personal device usage (39%).

Businesses that opted to pay ransoms did so because 35% lacked adequate data backups and were unable to restore their data.

Read the report.

According to a recent report by Kong, 25% of respondents have encountered AI-enhanced security threats related to APIs or LLMs, with 75% of respondents expressing serious concern about AI-enhanced attacks in the future. While 85% say they're confident in their organization's security capabilities, 55% of respondents cited they've experienced an API security incident in the past year, highlighting a notable disconnect.

While 92% of respondents say they are taking measures to counter AI-enhanced attacks and 88% of respondents citing API security as a top priority, it is clear that many organizations lack the comprehensive security measures needed to protect their API infrastructure in the AI era.

As might be expected 84% of respondents feel AI and LLMs will make securing APIs more difficult, but surprisingly, the research finds many basic API security tactics being left out of overall strategy.

Thirty-five percent of organizations are adopting zero-trust architecture in order to mitigate API security risks and 3% of respondents cite shadow APIs as a significant security threat to their organization. With the convergence of APIs and AI, it is more important than ever to have a strong API security posture.

The top three measures organizations are taking to secure APIs against AI-enhanced threats include increased monitoring and traffic analysis (66%), educating staff on AI-related threats (60%) and AI-driven threat detection systems (51%).

The top three steps being taken to mitigate API security risks are API monitoring and anomaly detection tools (63%), API gateway solutions (61%), and API encryption and tokenization (58%). Forty-five percent of organizations have dedicated at least 20% of their cybersecurity budgets to API security. According to the report, 41% are unsure or doubtful that their organization's investment is enough to cover API security risks.

Read the report.