89% of Companies Lack Adequate Cybersecurity Measures
New York, Monday, 13 January 2025.
A Cybernews report reveals only 11% of companies achieve top cybersecurity grades, exposing systemic risks and vulnerabilities, especially from China-backed cyberattacks, in corporate America.
Critical Vulnerabilities Exposed
The Cybernews Business Digital Index, released today on January 13, 2025, evaluated over 1,000 companies and uncovered alarming cybersecurity deficiencies, with 63% of companies scoring a D grade or worse [1]. The healthcare sector emerged as particularly vulnerable, with 48% of companies receiving an F grade and the lowest average security score of 69 across all industries [1]. This vulnerability is especially concerning given that 73% of small and medium-sized businesses reported experiencing data breaches or cyberattacks in the past 12 months [2].
Global Security Performance Gap
The study reveals significant regional disparities in cybersecurity preparedness. Asian companies recorded the lowest average cybersecurity score of 68, while the Middle East led with 77, followed by Europe and Oceania at 76, and North America at 72 [1]. The widespread nature of vulnerabilities is evidenced by nearly universal SSL configuration flaws, affecting 99% of assessed companies [1]. Other critical weaknesses include phishing and malware exposure (86%) and network security vulnerabilities (84%) [1].
Rising Threat Landscape
The urgency for improved cybersecurity measures is underscored by a 56% increase in cyberattacks during the first three quarters of 2024 [2]. Recent incidents highlight the escalating threats, including a critical security vulnerability (CVE-2025-0282) in Ivanti Connect Secure appliances, which has been actively exploited since mid-December 2024 [4]. The situation is particularly dire for small businesses, which are targeted in over 40% of cyberattacks [2].
Call to Action
Information Security Researcher Aras Nazarovas from Cybernews emphasizes that ‘cybersecurity is no longer a mere technical issue, and it must be prioritized by every company’ [1]. The report’s findings come as various sectors face increased sophisticated threats, with recent attacks targeting institutions like Eindhoven University of Technology, which was forced into emergency shutdown on January 13, 2025 [5]. Companies are urged to implement comprehensive security measures, with CISA offering free cybersecurity audits and resources for businesses seeking to improve their security posture [2].