There's an emerging wealth gap in cybersecurity as organizations in wealthier regions demonstrate better cybersecurity defenses and lower cyber risk compared to poorer regions, SecurityScorecard said Monday in a report released at the World Economic Forum Annual Meeting.
The Cyber Resilience Scorecard studied cyber risk as it correlates to gross domestic product and concluded a “nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats.”
Organizations in regions with less money to invest in cybersecurity are more likely to experience a data breach, the study found. Regions with a “C” cyber hygiene score, which comprises the majority of countries globally, are almost twice as likely to experience a data breach as regions with a “B” grade.
SecurityScorecard threat hunters analyzed the cyber capabilities of 6.3 million organizations across 189 countries and combined their findings with data from GDP per capita economic data published by the International Monetary Fund in 2022.
“Organizations in higher GDP regions have access to more modern technology and consistent cybersecurity hygiene than those with lower GDP due to the ability to invest more in tech,” Ryan Sherstobitoff, SVP of threat research and intelligence at SecurityScorecard, said via email.
The company’s data-driven cybersecurity scoring system monitors more than 250 types of signals, including network security, endpoint security and patching cadence to establish grades. Cyber risk is based on threat intelligence and data breach reports.
SecurityScorecard assigned low "B" cyber hygiene scores to organizations in Northern Europe, Western Europe, Central Europe, Australia and New Zealand, North America and the Middle East. No region earned a cyber hygiene score above 83%.
Every other region in the world received cyber hygiene scores in the low to high "C" range. While the score for most regions correlated to GDP per capita, some regions were outliers.
Australia and New Zealand earned a higher score than their GDP per capita would predict, and Central Asia and the Caucasus region had a lower score than SecurityScorecard expected.
Researchers also determined organizations in information services and technology were the sectors most affected by data breaches across more than 110,000 security incidents reviewed by SecurityScorecard. These two sectors composed roughly one-third of all security incidents in SecurityScorecard’s database.
IT companies serve as a gateway into other corporate environments, including hosted or services provided to these organizations, according to Sherstobitoff.
“Recent cyberattacks spotlight how a single chink in the armor can cause a global digital forest fire,” Sherstobitoff said.
“A company’s attack surface goes beyond its internal networks and technologies — it consists of its vendors, vendors’ vendors, customers, and partners,” Sherstobitoff said. “Organizations are opening themselves up to significant cyber risk by failing to manage supply chain risk properly.”