5 Key Takeaways From the New Kaseya Cybersecurity Survey Report 2024
Our annual Kaseya Cybersecurity Survey Report offers insights into the cybersecurity experiences of internal IT professionals in the past 12 months. We’re proud to release the 2024 edition of that eagerly awaited report during Cybersecurity Awareness Month. This year, we asked IT professionals about their experiences with cybercrime in the past year as well as cybersecurity governance and how AI has impacted their roles. In the report, we took a deep dive into how the increasing frequency and severity of cybersecurity attacks are reshaping business and IT strategies as well as the impact of rising costs. Our research clearly shows that IT professionals face many challenges in today’s turbulent threat landscape.
Download the Kaseya Cybersecurity Survey Report 2024. GET IT NOW>>
5 insights that illuminate today’s cybersecurity challenges
Key themes from this year’s data highlight persistent cybersecurity threats, like phishing and ransomware, underscoring the need for robust security measures and continuous employee training. Overall, this year’s major themes reflect the dynamic nature of the cybersecurity landscape, the importance of vigilance and why innovation in tools and strategies matters.
- Fewer companies are paying ransomware demands. Only 11% of victims claimed to have done so, which aligns with data suggesting that the impact of attacks is less severe, likely due to increased investment in backup and recovery technologies.
- The percentage of organizations facing supply chain attacks has significantly decreased. In 2023, 61% of respondents reported experiencing such attacks, but this figure fell sharply to 19% in 2024.
- The human element continues to be the weakest link in cybersecurity. An alarming 80% of respondents cited a lack of training or bad user behavior as the biggest causes of cybersecurity challenges.
- Cybersecurity maturity levels continue to rise, as evidenced by the increased investments in advanced security tools and services, such as EDR and MDR, which correlates to a reduction in incident costs and downtime.
- Opinions on the impact and usefulness of AI in cybersecurity are mixed, with approximately one-third of survey respondents reserving judgment on the benefits of AI for defenders, which indicates skepticism remains around this emerging technology.
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
What are the leading cybersecurity issues impacting businesses?
A look at historical data gives us insight into which cybersecurity issues remain constant concerns. Phishing remains the top issue for businesses, both historically (58%) and in the past 12 months (50%). While we see encouraging indications that businesses have experienced fewer issues in the past 12 months, it’s important to note that some issues are evergreen and require ongoing vigilance.
Which of the following cybersecurity issues have impacted your business?
| Issue | Ever | Past 12 months |
| Phishing messages | 58% | 50% |
| Computer viruses or malware | 44% | 29% |
| BEC | 34% | 28% |
| Ransomware | 26% | 15% |
| Personal information or credential theft | 24% | 17% |
| Supply chain attack | 11% | 17% |
| Zero day exploit | 8% | 6% |
Source: Kaseya
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
The top root cause of cybersecurity issues is people
User-related security issues are the biggest causes of distress for IT professionals. Two-thirds of respondents point to lack of end-user or administrator training as a top security woe. The percentage of organizations citing lack of end-user cybersecurity training as a root cause has increased from 28% in 2023 to 44% in 2024. Nearly half of the respondents also pointed to poor user practices or gullibility as a top cause of trouble, tripling from 15% in 2023 to 45% in 2024. Regardless of whether this is true, the perception of IT professionals is that users are the root of most cybersecurity trouble. This trend looks to continue in 2025, as seen in Figure 28.
What are the top three root causes of your cybersecurity issues?
| Issue | 2024 | 2023 |
| Poor user practices/gullibility | 45% | 15% |
| Lack of end-user cybersecurity training | 44% | 28% |
| Lack of funding for IT security solutions | 33 | 21 |
| Insufficient security support for different types of user devices | 29 | 26 |
| Weak passwords or access management | 25 | 10 |
| Lack of executive buy-in for adopting security solutions | 23 | 22 |
| Lack of administrator cybersecurity training | 22 | 25 |
| Outdated security patches | 19 | 13 |
| Lack of defense solutions (antivirus) | 15 | 28 |
| Open Remote Desktop Protocol (RDP) access | 14 | 13 |
Source: Kaseya
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
Good news: The cost of a cybersecurity incident is dropping
In 2024, businesses experienced fewer high-cost cybersecurity incidents compared to 2023. The investments that businesses are making in cybersecurity and incident response are paying off, with the percentage of businesses reporting high-cost incidents ($250,000 to $500,000) dropping from 25% in 2023 to just 5% in 2024. This sharp decline could indicate that businesses are experiencing less severe attacks and have implemented better incident response controls to limit financial damage. Additionally, 35% of organizations reported no incidents in 2024 — a significant improvement from 9% in 2023.
If you’ve experienced a cybersecurity incident, what was the total cost to the business, including lost revenue, lost productivity and recovery?
| Total cost of a cybersecurity incident | 2024 | 2023 |
| Less than $10,000 | 22% | 16% |
| $10,000 to less than $50,000 | 7% | 17% |
| $50,000 to less than $100,000 | 10% | 17% |
| $100,000 to less than $250,000 | 8% | 18% |
| $250,000 or more or less than $500,000 | 5% | 25% |
| I don’t know | 13% | 4% |
| We have not experienced a cybersecurity incident | 35% | 9% |
Source: Kaseya
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
About our survey respondents
It is important to note that in 2024, we had a significant uptick in survey responses from larger organizations, which may reflect fast growth in the industry. The percentage of responses from companies with more than 3,000 employees more than doubled, increasing from 7% in 2023 to 17% in 2024. We received responses from business IT professionals around the world in a wide array of industries and companies of various sizes
See why choosing a smarter SOC is a smart business decision. DOWNLOAD AN EBOOK>>
A strong defense against cyberthreats starts with strong solutions
Our cybersecurity solutions offer the tools that MSPs and internal IT teams need to mitigate cyber-risk for businesses quickly and affordably.
BullPhish ID – This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.
Dark Web ID – Our award-winning dark web monitoring solution is the channel leader for good reason. It provides the greatest amount of protection around with 24/7/365 human- and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.
Graphus – This automated anti-phishing solution uses AI and a patented algorithm to catch and quarantine dangerous messages. It learns from every organization’s unique communication patterns to continuously tailor protection without human intervention. Best of all, it deploys in minutes to defend businesses from phishing and email-based cyberattacks, including zero day, AI-created and novel threats.
RocketCyber Managed SOC – Our managed cybersecurity detection and response (MDR) solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.
Book a demo of BullPhish ID, Dark Web ID, RocketCyber and Graphus. BOOK IT>>
Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>