Cyber Security Insights Report 2023

Discover the key cyber challenges facing large organisations today in our annual cyber insights report.


How many organisations have recently been impacted by cyber attacks? What types of attack did they face? What is the average cost of a serious incident? These are just some of the questions we answer in the Cyber Security Insights Report 2023. We surveyed 600 senior leaders within large organisations to understand the key cyber issues and challenges they’ve faced over the past 12 months.

This year, we see that businesses across all sectors are regularly impacted by cyber-attacks, with 63% reporting a major cyber incident within the past three years. And the direct cost of an incident has risen by 11% to USD 1.7 m since 2022. But the types of attack experienced are not uniform, and in this year's report we explore how the size and sector of your organisation can influence attack vectors.

We also learned that leaders continue to grapple with security challenges posed by hybrid working while seeking to understand growing advances in technology, such as AI, and the impact they could have on the cyber threats they face.


Key findings at a glance

11%: Increase in direct cost of a serious incident

63%: Experienced a serious incident in the past 3 years

97%: Plan to increase their use of AI-based technologies in the next twelve months

3%: Amount cyber budgets increased in 2023

Download the report

 

Reach out to our expert contributors

Katherine Kearns
Head of Proactive Cyber Services, EMEA

Katherine is the Head of Proactive Cyber Services based in Manchester, UK.

Katherine has 15 years of experience in cyber security advisory. As Head of Proactive Cyber Services at S-RM, Katherine leads on developing the strategy for advisory, offensive security and private equity cyber services, supporting clients on their cyber transformation journeys.

Prior to joining S-RM, Katherine was a Senior Manager in PwC for just short of 4 years, specialising in cyber security advisory across private and public sector clients including cyber transformation, strategy, operating model, cyber risk assessment and management engagements. Katherine is an SME in supply chain security and led PwC’s third-party security risk management services, helping clients identify critical third parties and assess and manage the risks they pose.

Before PwC, Katherine was an Executive Principal Consultant at the NCC Group, where she worked for 11 years, managing a security audit team and leading on the third-party risk services. Under Katherine’s leadership the audit team conducted PCI Card Production audits globally, comprising security assessments of payment card production facilities against the security standards of multiple payment schemes.

Katherine is CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional), ISO27001 Lead Auditor and previously PCI QSA.

Casey O'Brien
Director of Operations, Cyber Security

Casey O’Brien joined the business in 2013. Casey is a Director focusing on cyber security. He began his career at S-RM as an analyst specialising in Russia and the former Soviet Union (FSU), leading on complex assignments in jurisdictions including Azerbaijan, Kazakhstan, Uzbekistan and Moldova.

In 2016, Casey was seconded to S-RM’s office in Rio de Janeiro, where he oversaw the development of the company’s newly formed LatAm team. He returned to the UK in 2017 to manage the Russia and FSU team, leading the team through a period of significant growth. In May 2020, Casey refocused on cyber security and is now responsible for strategic and operational cyber-focused projects.

Casey holds a BA in Medieval and Modern Languages (Russian and French) from the University of Oxford.

Joani Green
Technical Director, Cyber Security

Joani Green joins S-RM’s cyber leadership team as Global Technical Director for the Cyber Incident Response practice. She brings deep expertise and experience in penetration testing, purple teaming, cyber defence, major incident management, incident readiness and digital forensics.

Prior to joining S-RM, Joani was the Global Head of Incident Response for a research-led cyber security consultancy. In this role she was responsible for enabling the company’s Incident Response strategy and implementing continuous improvement to the practice. Joani also supported the Incident Response team in delivering investigations ranging from ransomware and advanced nation-state threat actors to insider threat and fraud investigations for multi-national organisations.

Joani is a keen proponent of Equality, Diversity and Inclusion in cyber security and is involved in several minority-focussed mentoring and training initiatives.

Gideon Teerenstra
Head of Cyber Advisory, Benelux

Gideon Teerenstra is Head of Cyber Advisory Benelux for S-RM’s Cyber practice. With over 10 years in the industry, Gideon has worked closely with our clients to develop tailored solutions that map their precise requirements for cyber strategy and implementation based on their locations, exposure, and objectives. Prior to joining S-RM, he worked for the Cyber Strategy team of Deloitte Netherlands and has been the CISO of a university medical centre.

Gideon holds a bachelor’s degree in Industrial Engineering & Management, and a master’s degree (honours) in Business Information Technology, specialising in Innovation & Management.

Jamie Smith
Board Director, Global Head of Cyber Security Services

Jamie Smith joined the business in 2011. Before S-RM, Jamie worked for five years as a South Asia specialist for Kroll Associates in Mumbai. When he first joined S-RM, Jamie was responsible for building its Corporate Intelligence capability, helping clients manage their counterparty risk during due diligence transactions and leading clients through a series of complex disputes and investigations.

More recently, Jamie’s role has focused on S-RM’s Cyber Security practice. He has built deep expertise in helping clients respond to and recover from cyber security incidents as well as helping clients prevent incidents by developing robust cyber security programmes. Jamie has an LLB in Law and French from the University of Bristol.

 


 

Lenoy Barkai
Director, Cyber Security

Lenoy is a Director in S-RM’s cyber security division. She has over 10 years’ experience spanning security risk management and strategic consulting. Since joining S-RM in 2018, Lenoy has supported clients working through complex cyber and physical security challenges, and has led projects spanning the financial services and insurance, energy, manufacturing and FMCG sectors, among others.

Prior to joining S-RM, she worked as a portfolio manager for a global asset management firm. She is a CFA Charterholder and has an MA in International Relations from King’s College London.

James Jackson
Associate Director, Cyber Security

Michael Clark
Head of Cyber Advisory, Americas

Michael has over 15 years of experience working in “Big 4” accounting firms and reputable global consulting firms operationalizing IT Risk, Cyber Supply Chain Risk, and Governance, Risk, and Compliance (GRC) strategies and programs across multiple industries, including Financial Services, Pharma, Tech, Manufacturing, Retail, Energy, and Rail Transportation.

Specifically, Michael’s experience includes leading and supporting large-scale global transformations, strategy development, maturity/current state assessments against industry-leading frameworks, program design and implementation, project management, change management, GRC technology selection and implementation, leading and conducting IT and supply chain risk audits, and various other related strategic activities in support of assisting clients to solve complex problems with pragmatic solutions.

Prior to S-RM, Michael worked at PwC as a Senior Manager first within the Performance, Governance, Risk, & Compliance team and later within the Cyber, Risk and Regulations practice as part of the Third-Party Risk Management team. Michael also worked at EY in the IT Risk Assurance practice as a Manager focused on IT audits (including SOX audits), vendor risk control assessments, and SOC reports. Prior to starting his career in the civilian sector, Michael served in the US Army as a commissioned officer where he honed his leadership and problem-solving skills leading soldiers in combat missions while deployed.

Harriet Martin
Associate Director, Cyber Security

Harriet is an Associate Director in S-RM’s Cyber Advisory team. She is a senior manager with responsibility for the overall delivery of Cyber Advisory services as well as project managing the team’s most complex tasks. She has worked on many cyber risk and governance projects for clients in Private Equity as well as the financial services, technology, and hospitality sectors. Harriet is also responsible for coordinating S-RM’s proactive services in cyber security to insurance and legal clients in the UK.

Harriet has 9+ years’ experience in cyber and corporate security and her skillset is founded in an in-depth knowledge of risk methodologies, technologies, industry standards and best practice. Harriet holds a master’s degree in International Conflict Studies from King’s College, London.
