Only half (49%) of organizations have sufficient budget to fully meet their current cybersecurity needs, and 11% can, at best, protect only their most critical assets, according to a recent survey by the Neustar International Security Council (NISC). Despite the rapidly changing threat landscape, one-third (35%) of information technology and security professionals responding to the survey said their organization’s cybersecurity budget would remain the same or decrease in 2023, and 44% of these individuals believe their business will be more exposed and at risk as a result.

When survey participants were asked to identify the most significant current risks to their organization’s IT security posture, “increased sophistication of attacks” emerged as the top concern (cited by 60% of respondents), followed by “increased activity of attackers” (54%), “budget constraints” and “larger attack surface from an increasingly borderless business operation” (both 35%).

While a large majority of respondents agree that C-suite and board-level decision-makers understand the current security threats their business is facing (83%), recognize the importance of having a multilayered defense strategy (81%), and make protecting the organization an integral part of business operations (80%), a significant share of participants (69%) are also concerned that current budget constraints are limiting the use of new strategies, technologies and implementation practices.

A sizable majority of survey participants (85%) reported that hybrid working has increased their organization’s reliance on third-party providers for outsourcing staff and resources, and 78% of these professionals believe this development has left their organization more exposed.

With regard to the types of exposure organizations face as a result of increased integration with third-party providers, respondents rated distributed denial-of-service (DDoS) attacks as the greatest perceived threat (ranked highest by 22%), followed by system compromise (20%) and ransomware (18%). Overall, participants rated ransomware as the top increasing threat vector (75%), followed by generalized phishing (74%), DDoS attacks (72%) and targeted hacking and social engineering via email (both 71%).

During the two-month survey period, respondents reported focusing most on increasing their ability to respond to DDoS attacks (54%), vendor or customer impersonation (54%) and targeted hacking (52%).

In line with previous survey findings, 87% of respondents reported that their organization has been on the receiving end of a DDoS attack at some point. A majority (57%) of enterprises outsource their DDoS mitigation and most (60%) take between 60 seconds and 5 minutes to initiate mitigation.

The NISC survey participants were senior information technology and security professionals from across six Europe, Middle East and Africa (EMEA) and U.S. markets. The survey was conducted in November 2022 and reflects respondents’ activity and concerns during September and October 2022.