The ubiquitousness of cyberwarfare has become the new norm. In 2020, cyberattacks were rated the fifth highest risk for both the public and private sectors.

The situation appears to have worsened because of the Russian invasion of Ukraine in February 2022. Experts say the war has sent geopolitical shockwaves of cyberwarfare that will reverberate for years to come.

A new study published by cybersecurity company Armis, headquartered in California with R&D in Tel Aviv, says that cyberattacks can affect any organization, with critical infrastructure and “high-value” entities at the top of that list.

Armis State of Cyberwarfare and Trends Report 2022-2023 surveyed more than 6,000 IT and security professionals worldwide and across multiple industries, including healthcare, critical infrastructure, retail, supply chain and logistics, and more. The findings — gathered between September 22, 2022 and October 5, 2022 — reveal worrying trends.

These are the report’s key findings:

● One-third (of global organizations are not taking the threat of cyberwarfare seriously, identifying as indifferent or unconcerned about the impact on their organization, leaving room for security gaps.

● Nearly a quarter of global organizations feel underprepared to handle cyberwarfare. Even still, the lowest-ranking security element in the opinion of IT professionals is preventing nation-state attacks (22%).

● Over 3 in 5 IT and security professionals surveyed agree the war in Ukraine “has created a greater threat of cyberwarfare.”

● Over half (54%) of cybersecurity decision-makers said they experienced more threat activity on their network between May and October 2022 than in the six months leading up to it.

● Over half (55%) of IT professionals surveyed agree with the statement, “My organization has stalled or stopped digital transformation projects due to the threat of cyber warfare.” This percentage is even higher in specific countries, including Australia (79%), the US (67%), Singapore (63%), the UK (57%) and Denmark (56%).

● When asked about their organization’s policy on paying ransom in the event of a ransomware attack, IT professionals globally were divided in their responses. Twenty-four percent of respondents indicated their organization always pays, 31% said their organization only pays when customer data is at risk, 26% said the organization never pays, and 19% indicated that it depends on the circumstance.

● Just over three-quarters of IT professionals surveyed agree that the boards of directors are changing their organization’s attitude toward cybersecurity in the wake of the increasing threat of cyberattacks.

● Seventy-eight percent of IT professionals surveyed said when thinking about recent and ongoing sudden global events (such as the COVID pandemic, Ukraine conflict, etc.), it’s likely that their company invests more of its budget into cybersecurity. Nearly 2 in 5 (37%) think it’s very likely.

Armis cofounder and Chief Technology Officer Nadir Izrael called cyberwarfare “terrorism on steroids.”

“Clandestine cyberwarfare is rapidly becoming a thing of the past. We now see brazen cyberattacks by nation-states, often with the intent to gather intelligence, disrupt operations, or outright destroy data. Based on these trends, all organizations should consider themselves possible targets for cyberwarfare attacks and secure their assets accordingly.”