88 percent of organizations worried about state-sponsored cyberattacks

A growing sense of unease is gripping boardrooms as 88 percent of cybersecurity and information security leaders surveyed at UK and US organizations now express concern about state-sponsored cyberattacks.

The research from IO shows organizations are increasingly aware of the strategic nature of cyber risk and that the geopolitical threat is increasing, with 33 percent of organizations surveyed concerned about an expanded threat landscape targeting their own systems.

The threat of widespread data loss or inaccessibility, such as through DNS attacks or major cloud outages is cited by 41 percent of respondents. Close behind are anxieties over reputational damage if systems are compromised indirectly (40 percent) and the potential for supply chain-driven operational disruption (38 percent). Organizations are also worried about the possibility of interruptions to critical national infrastructure, including power, transport and communications (36 percent), as well as the security and availability of data hosted in regions considered to be key adversaries (35 percent).

Chris Newton-Smith, CEO of IO, says, “When it comes to threats facing CNI (Critical National Infrastructure), there is a significant national effort going into protecting vital assets. However, at the same time, it also carries a stark warning. If an organization is connected to the right systems, servicing critical infrastructure, or simply handling sensitive data, it could be targeted by nation-state adversaries.”

Businesses also cite rising regulatory scrutiny and a growing expectation from customers and partners to demonstrate resilience, each cited by around one-third of organizations. The pressure is compounded by the fact that 89 percent of organizations have experienced a cyber incident in the past year, according to IO, with the most common being data breaches (31 percent), phishing attacks (30 percent), malware infections (29 percent) and cloud breaches (27 percent). Employee and customer data remain the most vulnerable assets, heightening both the reputational and financial stakes.

“State-level cyber activity is now a real concern for businesses and resilience, not retaliation, will be the accurate measure of national and corporate defense in 2026,” says Sam Peters, chief product officer at IO. “Organizations that understand their exposure, test their defences, and secure their supply chains will be best placed to withstand the next wave of attacks.”

On a positive note the research indicates that 74 percent of cybersecurity leaders are actively investing in resilience measures to counter nation-state-linked threats. Among organizations concerned about state-sponsored attacks, 97 percent are tailoring their incident response and recovery plans, 97 percent are increasing their investment in threat intelligence, and another 97 percent are bolstering the security and resilience of their supply chains.

Peters concludes, “With the right preparation, collaboration, and robust compliance measures, we can collectively ensure that the infrastructure -- and the businesses supporting it -- are equipped to withstand even the most sophisticated attacks.”

The full report is available from the IO site.

Image credit: denisismagilov/depositphotos.com