With 1,100 IT security decision makers and practitioners participating from 15 countries, six continents, and 19 industries, the CyberEdge’s Cyberthreat Defense Report is the most comprehensive study of security professionals’ perceptions in the industry. This study provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Consistent with findings in CyberEdge’s prior three annual reports, the 2017 report finds that network breaches are rising, under-trained employees pose the greatest security risk, and malware is more troubling than ever.
Key Findings of the 2017 Cyberthreat Defense Report
The 2017 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:
- Held hostage by ransomware. 61 percent of respondents indicated that their organization was victimized by ransomware last year. Of those affected, 33 percent paid the ransom and recovered their data, 54 percent refused to pay but successfully recovered their data anyway, and 13 percent refused to pay and subsequently lost their data.
- Microsoft leaving the door open? One in five respondents is not satisfied with the protections Microsoft provides to secure Office 365 environments, leaving the door open for third-party security solutions.
- Rising attacks are the new norm. The percentage of organizations affected by successful cyberattacks has risen for the third-consecutive year – from 62 percent in 2014, to 70 percent in 2015, to 76 percent in 2016, and now to 79 percent in 2017. Today, three in five believe a successful cyberattack in the coming year is more likely than not.
- Now hiring. An astounding nine out of 10 respondents indicated their organization is suffering from the global shortage of skilled IT security personnel. 51 percent of respondents are leveraging external vendors and contractors to fill the void.
- Cyber insurance reaches critical mass. Three-quarters of respondents rate their organization’s level of cyber insurance investment as adequate. Less than nine percent of respondents expressed concern over insufficient coverage.
- Network deception technology excites. Of 16 network security technologies depicted in the survey, honeypots / network deception technology (41 percent) is the one most sought after in the coming year, followed by next-generation firewalls (39 percent) and user and entity behavior analytics (38 percent).
- Database and web application firewalls reign supreme. When asked which of 11 application and data-centric security technologies are currently deployed by their organizations, respondents ranked database firewalls and web application firewalls (WAFs) highest, each with a 65 percent adoption rate.
- Underinvesting in the human firewall. When respondents were asked what’s inhibiting them from securing their employers’ networks, “low security awareness among employees” was the top response for the fourth-consecutive year, followed by “lack of skilled personnel” and “too much data to analyze.”