CyberEdge Group’s comprehensive annual study and infographic of 1,100 security professionals’ perceptions of the industry.
Research Highlights
Current Security Posture
- Rising attacks. Nearly four in five respondents’ organizations were affected by a successful cyberattack in 2016, with a full third being breached six or more times in the span of a year (page 6).
- Optimism reigns. More than a third of respondents consider it unlikely their organization will be the victim of a successful cyberattack in 2017 (page 7).
- Mobile devices weakest tech component. For the fourth consecutive year, mobile devices are perceived as IT security’s weakest link, closely followed by other end-user computing devices (page 8).
- Developing secure apps weakest process. Secure application development and testing is the security process organizations struggle with the most, followed by user awareness training (page 9).
- Failure to monitor privileged users. Only a third of respondents are confident their organization has made adequate investments to monitor the activities of privileged users (page 10).
- Patch management woes. Less than a third of respondents are confident their organization’s patch management program effectively mitigates the risk of exploit-based malware (page 11).
- Cyber insurance pulling its weight. Three-quarters of respondents rate their organization’s level of investment in cyber insurance as adequate (page 12).
Perceptions and Concerns
- Threats keeping us up at night. Malware, phishing, and insider threats give IT security the most headaches (page 13).
- Ransomware’s bite out of the budget. Six in 10 respondents said their organization was affected by ransomware in 2016, with a full third electing to pay the ransom to get their data back (page 14).
- Ransomware’s biggest nightmare. The potential for data loss is the greatest concern stemming from ransomware, while the potential for revenue loss trails the field (page 15).
- Microsoft leaving the door open? With two-thirds of respondents not fully satisfied with Microsoft’s security measures for Office 365, the door remains open for third-party security solutions (page 16).
- Employees still to blame. Low security awareness among employees continues to be the greatest inhibitor to defending against cyberthreats, followed closely by a shortage of skilled personnel and too much data for IT security teams to analyze (page 17).
