New findings from Garda illuminate the cyber risk landscape, drawing on insights from 300 leaders across the Russian business sector. The results show that cyber incidents are a recurring challenge for many organizations, with a meaningful share reporting events every year. In practical terms, this translates to a typical company facing at least one major security event annually, and a notable portion experiencing more frequent clashes with attackers. For organizations operating in Canada and the United States, the takeaway is clear: threat activity is an ongoing risk that demands proactive planning, continuous monitoring, and prepared defenses.
The study indicates that nearly half of the surveyed companies experience cyber incidents at least once per year, and more than a third report higher-frequency attacks. While automation can streamline certain responses, a considerable share of leaders remains hesitant to automate threat handling. Specifically, about one in three respondents express reluctance to automate, and only a small fraction around 6% have established processes that run without direct involvement from information security professionals. For teams in Canada and the United States, these results mirror a global pattern: automation can shorten response times and free security experts for complex decisions, yet adoption varies across industries and regions.
The research highlights the most common attack types: phishing affects roughly eight in ten organizations, distributed denial of service (DDoS) attacks impact about half, and social engineering follows closely at around 45%. These figures underscore the persistent risk surface that modern enterprises face, where human error remains a frequent entry point for breaches. Interestingly, cloud vulnerabilities did not emerge as a stated threat among respondents, a detail that may reflect the specific context of the sample or shifting risk perceptions as cloud security practices mature in many markets. Still, for firms in North America, cloud security remains a critical area for risk assessment, governance, and investment, given the growing use of cloud-first strategies and hybrid environments.
There is also a clear split in attitudes toward proactive defense: roughly a third of respondents do not favor automated threat-response tools, while a majority—about 65%—are open to implementing or already using partially automated response workflows. This divide mirrors a broader debate in the security community about balancing human oversight with machine-driven decisions. Organizations that blend automation with expert analysis can shorten containment times, preserve forensic evidence, and coordinate responses across multiple teams and systems. For security leaders in North America, the message is not to chase automation for its own sake but to design layered defenses that leverage automation where it adds tangible value while preserving crucial human judgment for nuanced investigations and policy alignment.
As the threat landscape changes, executives should evaluate the entire lifecycle of security operations, from proactive risk assessment and employee training to incident detection, containment, and recovery. The Garda study serves as a reminder that even with high awareness of common attack vectors, gaps can exist in readiness, especially when it comes to automation and rapid decision-making. Implementing a clear incident response plan, conducting regular simulations, and governing security tools can help organizations achieve faster triage, better collaboration between IT and risk teams, and stronger protection against phishing, DDoS, and social engineering attempts. In short, whether in Russia, North America, or elsewhere, resilience rests on a balanced blend of people, processes, and technology that keeps pace with an ever-changing threat landscape.
In response to recent developments, organizations should stay vigilant about new scams, including those that target health-related apps and other widely used digital services. Ongoing staff education, continuous security monitoring, and adaptive defense strategies are essential to outpace cybercriminals who keep refining their methods to exploit fresh opportunities.