CyberEdge Group’s comprehensive annual study and infographic of 1,100 security professionals’ perceptions of the industry.
Current Security Posture
Rising attacks. Nearly four in five respondents’ organizations were affected by a successful cyberattack in 2016, with a full third being breached six or more times in the span of a year (page 6).
Optimism reigns. More than a third of respondents consider it unlikely their organization will be the victim of a successful cyberattack in 2017 (page 7).
Mobile devices weakest tech component. For the fourth consecutive year, mobile devices are perceived as IT security’s weakest link, closely followed by other end-user computing devices (page 8).
Developing secure apps weakest process. Secure application development and testing is the security process organizations struggle with the most, followed by user awareness training (page 9).
Failure to monitor privileged users. Only a third of respondents are confident their organization has made adequate investments to monitor the activities of privileged users (page 10).
Patch management woes. Less than a third of respondents are confident their organization’s patch management program effectively mitigates the risk of exploit-based malware (page 11).
Cyber insurance pulling its weight. Three-quarters of respondents rate their organization’s level of investment in cyber insurance as adequate (page 12).
Perceptions and Concerns
Threats keeping us up at night. Malware, phishing, and insider threats give IT security the most headaches (page 13).
Ransomware’s bite out of the budget. Six in 10 respondents said their organization was affected by ransomware in 2016, with a full third electing to pay the ransom to get their data back (page 14).
Ransomware’s biggest nightmare. The potential for data loss is the greatest concern stemming from ransomware, while the potential for revenue loss trails the field (page 15).
Microsoft leaving the door open? With two-thirds of respondents not fully satisfied with Microsoft’s security measures for Office 365, the door remains open for third-party security solutions (page 16).
Employees still to blame. Low security awareness among employees continues to be the greatest inhibitor to defending against cyberthreats, followed closely by a shortage of skilled personnel and too much data for IT security teams to analyze (page 17).