
Why it’s time to rethink your security posture

Explore the key risks and learn how to implement security posture management in this blog

2025.08.05 | Dheeraj Rawal

The backdrop

This blog describes real-world incidents in which companies lost millions of dollars because of a weak security posture, and explains why even a single vulnerability must not be overlooked. Read on to find out why companies need to fix their security posture, and why, before that, they must establish its current state.

Catfishing the corporates

In 2024, Orion, one of the world’s leading manufacturers of carbon black material, suffered a costly cyber attack that resulted in losses of approximately USD 60 million. The company was caught off guard when an employee was deceived into making multiple wire transfers amounting to the figure mentioned above.[1]

This incident is an example of a business email compromise (BEC) attack, where cyber criminals impersonate a person of authority within an organization via email. Their goal is to manipulate employees into making critical mistakes, such as disclosing sensitive information, leaking data, or transferring funds fraudulently.

BEC attacks rely heavily on social engineering tactics and are becoming more common than many realize. In the United States alone, BEC scams caused estimated losses of USD 2.9 billion in 2023.[2] The Federal Bureau of Investigation (FBI), recognizing the severity and widespread nature of the issue, released statistics and preventive recommendations, primarily focused on encouraging incident reporting. However, the root problem lies in understanding why such attacks succeed in the first place.

Getting to the bottom of cyber attacks

Usually, the organization's cyber security posture is to blame. Misconfigured systems, outdated security tools, weak access controls, and overlooked vulnerabilities can go undetected for months or even years, until attackers exploit them.

Typically, companies begin remediation only after an incident has occurred, often too late. In Orion’s case, the company launched an internal investigation to assess the breach's impact and identify vulnerabilities. It also worked closely with law enforcement and regulatory agencies in response to the incident.

But that is a typical reactive response. Not all businesses can afford to bounce back from an attack. Some may face an existential crisis, while others experience operational disruptions that lead to devastating consequences.

Attack on a healthcare company

For instance, in 2024, a major Australian e-prescription provider, MediSecure, suffered a ransomware attack in which approximately 6.5 TB of data was stolen, affecting about 12.9 million Australians. The data was reportedly made available on the dark web. The incident forced the company offline for an extended period and disrupted its operations for more than 30 days.[3]

Soon after the incident, the company experienced severe financial stress. It had to seek a financial bailout and eventually involved external agencies to keep the business afloat. MediSecure also lost its primary government contract as a result of the breach.

Security posture should take center stage

The only effective way to minimize or avoid damage of this scale is to strengthen the organization's security posture. This should be a top priority and key performance indicator for any chief information security officer (CISO), especially considering that 98% of CISOs expect cyber attacks to increase over the next three years.[4]

Given this evolving threat landscape, organizations must prioritize getting their security posture right. A good starting point is to assess the current architecture and identify existing vulnerabilities. It is important to remember that improving security posture is more about fixing security gaps than simply investing in new tools.

Assessing the current security posture

If not done already, a practical first step is to establish a security baseline. This includes conducting comprehensive security assessments and risk-based evaluations of the entire technology environment. Key areas to assess include networks, endpoints, smart devices, applications, data, users, processes, and database infrastructure. The goal here is to understand how systems are protected, monitored, accessed, and maintained.

Imagine an organization assessing its endpoint security posture. A typical assessment would uncover details such as the total number of endpoints on the network, how many of them are secured, whether any laptops are still running outdated security software, and whether there are devices with antivirus or firewalls disabled, among other findings.
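To make the endpoint assessment above concrete, here is an added example (not code from the original post or from T-Systems) that runs the same checks over a small, constructed endpoint inventory: it flags an outdated security agent, disabled antivirus or firewall, and devices whose last patch is older than an assumed 30-day SLA, and it counts how many endpoints pass every check. The minimum agent version, the SLA, and the assessment date are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class Endpoint:
    hostname: str
    agent_version: str   # version of the installed endpoint security agent
    av_enabled: bool     # antivirus / EDR protection switched on
    firewall_enabled: bool
    last_patched: date   # date of the last successful OS/software patch run


def parse_version(version: str) -> tuple:
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def check_endpoint(ep: Endpoint, min_agent_version: str,
                   patch_sla_days: int, as_of: date) -> list:
    """Return the list of posture findings for one endpoint (empty means compliant)."""
    findings = []
    if parse_version(ep.agent_version) < parse_version(min_agent_version):
        findings.append("outdated security agent")
    if not ep.av_enabled:
        findings.append("antivirus disabled")
    if not ep.firewall_enabled:
        findings.append("firewall disabled")
    if (as_of - ep.last_patched).days > patch_sla_days:
        findings.append("patches older than SLA")
    return findings


def assess_endpoints(inventory: list, min_agent_version: str = "4.2.0",
                     patch_sla_days: int = 30, as_of: date = date(2025, 8, 5)) -> dict:
    """Summarise the fleet: total devices, how many are fully secured, and per-host findings."""
    report = {"total": len(inventory), "secured": 0, "findings": {}}
    for ep in inventory:
        findings = check_endpoint(ep, min_agent_version, patch_sla_days, as_of)
        if findings:
            report["findings"][ep.hostname] = findings
        else:
            report["secured"] += 1
    return report


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    Endpoint("LT-001", "4.2.1", True, True, date(2025, 7, 28)),   # compliant
    Endpoint("LT-002", "3.9.5", True, True, date(2025, 7, 20)),   # old agent
    Endpoint("LT-003", "4.2.0", False, True, date(2025, 5, 1)),   # AV off, stale patches
    Endpoint("WS-004", "4.2.0", True, False, date(2025, 7, 30)),  # firewall off
    Endpoint("WS-005", "4.3.0", True, True, date(2025, 8, 1)),    # compliant
]

if __name__ == "__main__":
    summary = assess_endpoints(SAMPLE_INVENTORY)
    print(f"{summary['secured']} of {summary['total']} endpoints pass every check")
    for host, issues in summary["findings"].items():
        print(f"  {host}: {', '.join(issues)}")
```

Run against the sample data, the report shows that only two of five devices are fully secured; the remaining three each carry at least one of the gaps the paragraph lists. In practice the inventory would be pulled from the endpoint management or EDR console rather than typed in, but the checks stay the same.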

The devil is in the details

This type of assessment reveals insights that might otherwise go unnoticed. A few laptops missing security updates may seem insignificant, but they can become the root cause of a security breach. In fact, 68% of organizations have suffered a cyber attack resulting in a data breach due to unsecured endpoints.[5]

This highlights the fact that even a single vulnerability can lead to a breach; it is just a matter of time. A well-known example is the infamous Equifax breach, where the USA-based credit reporting company incurred over USD 1.4 billion in settlements after exposing the personal data of 147 million Americans. The breach occurred due to a single vulnerability in a web application that was exploited by hackers. This case demonstrates that no risk is too small to be ignored.[6]

And this is far from a rare occurrence. One report revealed that 70% of web applications contain severe security gaps.[7] Therefore, a comprehensive risk assessment typically begins by mapping the existing architecture, including both cloud and on-premises systems, and then identifying gaps in policies, configurations, and controls.

Using frameworks as a guiding light

Frameworks such as the NIST Cyber Security Framework, ISO/IEC 27001, CIS Critical Security Controls, and SOC 2 can be used as references, depending on the industry. For example, companies handling financial data and payment systems may need to follow PCI DSS. These frameworks offer structured and repeatable processes to assess and strengthen an organization's security posture.

Additionally, organizations can use these frameworks to identify gaps, enforce best practices, ensure compliance, and reduce risk. Complementary practices such as vulnerability scans, configuration assessments, identity access reviews, and penetration testing should also be conducted to uncover weak points. According to one report, more than five vulnerabilities were discovered every minute in the past 12 months.[8]

Simulating attacks on the infrastructure

Vulnerability scanning and penetration testing differ significantly in both approach and objective. The former is designed to identify known weaknesses, outdated software, and misconfigurations through automated scans. In contrast, the latter simulates real-world attacks to actively exploit those vulnerabilities and assess their potential business impact. While both are necessary, penetration testing often reveals issues that regular scans may fail to detect.

It is also essential to evaluate the maturity and effectiveness of existing controls. Questions must be addressed regarding whether firewalls are properly configured, multi-factor authentication is enforced on high-risk accounts, and logs are being centrally collected and reviewed. Many organizations assume they are secure simply because security tools are in place. However, unless those tools are effectively deployed, properly configured, and actively monitored, they provide minimal real protection.

Checking the process maturity

Beyond technical tools, organizational processes must also be reviewed. Incident response procedures should be documented and regularly tested. Data backup and recovery mechanisms must be reliable and consistently verified. Patching practices need to be timely and maintained without gaps.

Finally, organizations should develop a risk register that maps vulnerabilities to potential business impact, allowing them to prioritize remediation based on actual risk exposure rather than assumptions. This comprehensive assessment provides the foundation for a tailored and actionable plan to strengthen the organization’s security posture.
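The risk register described in this paragraph can be built as a simple ranked table. The example below is added here and is not the post's or T-Systems' own tooling: each finding carries a scanner severity plus an analyst-assigned likelihood and business impact (both on an assumed 1-5 scale), the register scores risk as likelihood multiplied by impact, assigns a tier, and sorts by that score. The constructed findings are chosen so that the ordering by business risk differs from the ordering a scanner severity alone would give, which is exactly the point of prioritizing by exposure rather than assumption.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    title: str
    asset: str
    scanner_severity: str   # what the scanning tool reported (Low/Medium/High)
    likelihood: int         # 1 (rare) .. 5 (almost certain), assessed by the security team
    impact: int             # 1 (negligible) .. 5 (severe) business impact if exploited


@dataclass
class RegisterEntry:
    rank: int
    title: str
    asset: str
    scanner_severity: str
    score: int
    tier: str


def risk_score(finding: Finding) -> int:
    """Likelihood x impact on the assumed 1-5 scales, so scores range from 1 to 25."""
    for value in (finding.likelihood, finding.impact):
        if not 1 <= value <= 5:
            raise ValueError("likelihood and impact must be between 1 and 5")
    return finding.likelihood * finding.impact


def risk_tier(score: int) -> str:
    """Thresholds are an assumption for this example; organisations set their own."""
    if score >= 15:
        return "Critical"
    if score >= 8:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def build_risk_register(findings: list) -> list:
    """Return findings ordered by business risk, highest first, with rank and tier attached."""
    scored = sorted(findings, key=lambda f: (-risk_score(f), f.title))
    return [
        RegisterEntry(rank=i + 1, title=f.title, asset=f.asset,
                      scanner_severity=f.scanner_severity,
                      score=risk_score(f), tier=risk_tier(risk_score(f)))
        for i, f in enumerate(scored)
    ]


# Constructed sample findings (hypothetical assets, not real data).
SAMPLE_FINDINGS = [
    Finding("Outdated TLS library on isolated test server", "test-01", "High", 2, 2),
    Finding("Missing patch on Internet-facing web application", "web-prod", "High", 5, 5),
    Finding("MFA not enforced on privileged admin accounts", "idp", "Medium", 4, 5),
    Finding("Laptops with antivirus disabled", "endpoint fleet", "Medium", 3, 3),
    Finding("Default banner disclosure on intranet printer", "print-02", "Low", 1, 1),
]

if __name__ == "__main__":
    for entry in build_risk_register(SAMPLE_FINDINGS):
        print(f"{entry.rank}. [{entry.tier:8}] score={entry.score:2} "
              f"scanner={entry.scanner_severity:6} {entry.title} ({entry.asset})")
```

Note how the "High" scanner finding on the isolated test server lands near the bottom of the register, while the "Medium" configuration finding about missing MFA on admin accounts is ranked second: the register reflects where a compromise would hurt the business, which is the ordering remediation work should follow.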

Plugging the holes

Once the current state is clearly understood, organizations must shift focus to remediation and reinforcing their defenses in a phased and prioritized manner. The core objective should be risk reduction, starting with the most critical vulnerabilities and high-value assets that could lead to maximum disruption if compromised.

The first set of actions should involve correcting misconfigurations, patching known vulnerabilities, and enforcing strong identity controls, especially around privileged access. These steps lay the groundwork for a stronger, more resilient cyber security posture.

Patch management might appear to be a simple solution, but in reality, it is highly effective. More than half of all data breaches globally can be prevented through timely updates and patching. Approximately 84% of companies have high-risk vulnerabilities, and 50% of these vulnerabilities can be eliminated simply by updating the software.[9]

If legacy systems and applications cannot be updated, they should be hardened by disabling unnecessary features and services or isolated to reduce their exposure. All Internet-facing assets must be protected with strict access controls and continuous monitoring.

Enforcing strong security principles


The next step is to establish a solid baseline of security controls across critical domains. This includes implementing endpoint detection and response (EDR), enabling encryption for sensitive data, and enforcing multi-factor authentication (MFA) across all systems, especially those accessed remotely.

Network architecture should be evaluated and restructured where needed, incorporating network segmentation and zero trust principles to limit lateral movement in the event of a breach. Zero trust security has been shown to help organizations reduce the financial impact of breaches by approximately USD 1 million.[10]

In cloud environments, misconfigurations remain one of the top security risks. Deploying cloud security posture management (CSPM) tools and aligning with secure configuration benchmarks is essential to reduce this threat.

Newer tools and technologies to seal the cracks

Organizations must also enhance their visibility and response capabilities. Implementing centralized log management or a security information and event management (SIEM) solution enables real-time monitoring and faster threat detection. Automated alerting mechanisms and predefined incident response playbooks help streamline response processes. Automation and artificial intelligence (AI) play a significant role in improving the security posture, preventing breaches, and reducing impact. These technologies can save organizations an average of USD 2.2 million by avoiding costly breaches.[11]

Equally important is recovery. Backup solutions must be tested regularly, and modern vaulting techniques such as immutable backups or isolated recovery environments should be adopted to prepare for ransomware scenarios. Each of these improvements should be mapped back to the original risk findings to create a closed-loop process and support continuous security maturity.

When culture becomes an ally against risk

While technology and tools are critical, a strong security posture needs security awareness to be woven into the company culture. Fifty-seven percent of cyber attacks stem from phishing and social engineering, and multiple reports suggest that human factors are the root cause in 75-95 percent of cyber incidents.[12]

Employees across departments should undergo regular, role-based security training that goes beyond ticking compliance checklists. Simulated phishing exercises, secure data handling workshops, and incident reporting drills help build a culture of vigilance. People are often the weakest link in the security chain, but with the right training, they can become the first line of defense. Training and awareness initiatives can therefore significantly reduce incidents; in fact, up to 70% of attacks can be prevented.[13] These programs not only deliver strong returns on investment, but also help teams become more cautious when handling sensitive data and IT systems.

Executive buy-in takes it further

Leadership support is essential. Security teams must align with business goals and communicate risks in business terms. C-suite sponsorship ensures funding, promotes collaboration, and reinforces security as a core priority. Dashboards, KPIs, and executive briefings enhance transparency and accountability.

Use the marathon strategy

In today’s rapidly evolving threat landscape, organizations must regularly test their defenses through red teaming, penetration testing, incident response simulations, and configuration reviews to ensure that controls remain effective and up to date.

Companies with strong incident response capabilities and those that regularly test their systems save approximately USD 2.66 million compared to those that do not.[14]

Security postures can degrade over time due to factors such as new technology deployments, changing user behavior, and evolving threat landscapes. This makes regular reassessment and tuning essential. Organizations that prioritize investments based on actual exposure and risk are three times less likely to experience a cyber attack.[15]

For many organizations, particularly those with limited in-house expertise, partnering with managed security service providers (MSSPs) or leveraging managed detection and response (MDR) services can deliver substantial benefits. These services offer access to skilled analysts, round-the-clock monitoring, and advanced threat intelligence—capabilities that are often difficult to sustain internally.

Get timely expertise

Ultimately, building and maintaining a resilient and strong security posture goes beyond tools and technology. It requires ongoing attention, continuous education, and cross-functional collaboration across the entire organization.

If you are looking to evaluate and strengthen your security posture, T-Systems can help you get started. With deep expertise in cyber security, a global network of SOCs, and a team of over 2,600 professionals, we’re equipped to support your journey towards a more resilient and secure organization.

Get in touch with us today to take the next step.

About the author

Dheeraj Rawal

Content Marketer, T-Systems International GmbH


References

[1] Orion Data Breach Article, 2024, CEN News
[2] BEC Article, 2025, Proofpoint
[3] MediSecure Data Breach Article, 2024, Forbes
[4] CSC Survey, 2025, CSC Global
[5] Endpoint Security Statistics, 2025, SpyHunter
[6] The Equifax Hack Article, 2025, Framework Security
[7] Security Gaps Statistics, 2025, Security Magazine
[8] Cyber Security Vulnerability Statistics, 2025, Astra
[9] Cyber Security Vulnerability Statistics, 2025, Astra
[10] Zero Trust Implementation Article, 2024, Managed Services Journal
[11] Cost of Data Breach, 2024, IBM
[12] The Human Factor and Cybersecurity Article, 2025, RSA Conference
[13] Security Awareness Statistics, 2025, Keepnet Labs
[14] Cyber Security Incident Response Article, 2025, Balbix
[15] Cyber Security Threat Management Article, 2023, Gartner