Cloud computing and virtualisation company VMware said government and local authorities fared the worst with 2.54 breaches apiece, while a third of media and entertainment firms suffered three or more breaches.
Attacks by customised malware topped the table, with 19% of respondents being hit, the same percentage as last time.
Forty-three percent of financial services firms were at the mercy of custom malware, compared to an average of 19%. Healthcare companies were proportionally more affected by process hollowing attacks, with 19% experiencing it, compared to an average of 10%.
- Ninety-four percent said attack volume had increased in the last 12 months;
- Ninety-six percent said their businesses had suffered a security breach in the last 12 months, with the average being two breaches;
- Eighty-eight percent said attacks had become more sophisticated;
- Ninety-six percent said they planned to increase cyber defence spending in the coming year;
- Operating system vulnerabilities and third-party application attacks, with 18% each, were the leading cause of breaches followed by Web application attacks.
- Australian companies said they were using an average of seven different security technologies.
VMware also ran a survey on the impact COVID-19 had had on the attack landscape. More than 1000 respondents from the US, UK, Singapore and Italy took part and 91% of cyber security professionals said attack volumes had increased as more employees worked from home.
Ninety-two percent said their organisations have experienced cyber attacks linked to COVID-19 malware.
VMware Carbon Black cyber security strategist Rick McElroy said: "Island-hopping is having an increasing breach impact with 11% of our survey respondents citing it as a main cause of breaches. In combination with other third-party risks, such as third-party apps and the supply chain, it's clear the extended enterprise is under pressure.
"The global situation with COVID-19 has put the spotlight on business resilience and disaster recovery planning. Organisations that have delayed implementing multi-factor authentication appear to be facing challenges, as 29% of global respondents say the inability to implement MFA is the biggest threat to business resilience they are facing right now.
"These figures indicate that the surveyed CISOs may be facing difficulty in a number of areas when answering the demands placed on them by the COVID-19 situation."