How has the security of Russian companies changed over the year? Sharing the research results

Incidents and their culprits

• For the third year in a row, the trend towards an increase in the number of external attacks continues. In 2023, 35% of respondents noted that hackers began to harm companies more often.

• An increase in internal incidents (data leaks caused by employees, industrial espionage, corporate fraud, etc.) was noticed by only 16% of respondents. Compared to 2022 in general, Russian companies began to record internal incidents more often (by 3% on average).

• In 2023, attempts at an external attack through an employee were recorded in 20% of companies. A year earlier, 11% of respondents reported similar incidents.

• 18% of respondents noted that their employees know information security rules well, 50% rated their level of knowledge as average. 30% of respondents answered that their employees do not know information security rules well. 2% of survey participants found it difficult to answer.

• Leaks or disclosure of information traditionally top the list of internal violations. In 2023, 66% of Russian companies encountered information leaks due to the fault of employees. This is 22% more than last year.

• Most often, attempts to leak data were encountered in the financial sector (80%), construction (78%) and the oil and gas industry (74%). Leaks were recorded least often in industry (60%).

• In most cases, insiders were interested in information about clients and transactions (42%). More often than last year, companies encountered attempts to leak personal data – noted by 37% of respondents (this is 5% more than in 2022).

• Respondents name the line employee as the main violator of information security rules from year to year (71%). Violations by contractors and freelance specialists were encountered in 14% and 13% of companies, respectively.

• In the event of a data leak, more than half of the surveyed companies are ready for dialogue with regulators (32%), victims (5%) and the public (22%). 85% of survey participants plan to conduct a closed investigation.

Security

• In 2023, 40% of Russian companies increased their information security budgets; in 2022, this figure was 28%.

• Top 3 information security measures for which companies allocated funds that increased their budgets: renewal of license keys for security solutions (73%), purchase of new equipment and software (70%) and import substitution of foreign solutions (52%).

• A cross-section of industries shows that in 2023, the energy industry will allocate the most budgets for security, as stated by 57% of respondents. Financial organizations (49%) and logistics and transport companies (43%) are also increasing their budgets.

• 24% actively switched to domestic OS and databases this year, another 48% of companies plan to replace imports in the near future, and 1% of companies participating in the survey completed the process completely. 27% of organizations do not plan to switch to domestic solutions.

Information security personnel

• The shortage of personnel in the information security field remains a pressing problem throughout the world – according to average estimates, Russia lacks 500-700 thousand specialists. According to our data, 78% of companies experience a shortage of information security specialists to varying degrees.

• The search for personnel is most difficult for government organizations: 73% of them face the problem of finding information security specialists versus 64% in the commercial sector.

• More than half of Russian companies (52%) cope with the shortage of personnel by retraining their employees. Companies are also trying to attract graduates (26%) and ready-made specialists (35%). 16% of companies participating in the survey solve personnel problems through outsourcing.

These are just some of the statistics from our research. You can download the full report with charts, industry analytics, conclusions and forecasts at link.