Increasing the number of successful cyber attacks on Russian companies has changed the business approach to information security. According to a study conducted by Cyberprotett, since the summer of 2024, 85.2% of organizations have started taking data protection and cyberosis prevention more seriously. The survey revealed that over a third of organizations (38.6%) have reevaluated their cybersecurity strategies, with many participants considering data backup and antivirus systems as the most effective protection measures.
Cyberprotett interviewed approximately 300 representatives of Russian businesses from various sectors including education, healthcare, retail, industry, and IT to gauge how their perception of cybersecurity has shifted following the wave of attacks last summer. The majority of respondents (85.2%) stated that they have become more vigilant about data protection, while 14.8% reported no change in their approach to the issue. Three-quarters of participants expressed concerns about the possibility of their company falling victim to a cyber attack, with 13% viewing the risk as extremely high.
Among the respondents, data backup emerged as the most favored protection measure, with 59.7% citing it as the top tool. Antivirus protection followed closely at 58.3%, trailed by regular software updates (52.4%), access control (51.7%), and data loss prevention systems (49.7%). Notably, 38.1% of companies have recently implemented or plan to implement backup systems, while those already utilizing such systems are reevaluating their approach (40.3%).
Recent trends also indicate a growing emphasis on cultivating a cybersecurity culture within companies: over half of the respondents (51.8%) have been organizing training sessions for employees, 59.1% have enforced stricter access rules for information systems, 38.9% have revised policies governing the use of personal devices at work, and 26.1% have conducted interviews with employees to gauge their awareness of data security matters. Furthermore, 18.3% of companies have introduced penalties and other disciplinary measures for violations of information security protocols.