ANNAPOLIS, Md.--(BUSINESS WIRE)--CyberEdge Group, a premier research and marketing firm serving the security industry’s top vendors, today announced immediate availability of its second-annual Cyberthreat Defense Report, providing a 360-degree view of organizations’ security threats, current defenses, and planned investments. Consistent with the findings in last year’s inaugural Cyberthreat Defense Report, the 2015 report finds that while IT security spending is increasing, confidence is falling, with the majority of respondents expecting to be breached in the next 12 months, despite all of their efforts.
In surveying more than 800 security decision makers and practitioners, the Cyberthreat Defense Report found that more than 70 percent of respondents’ networks had been breached in 2014 — up from 62 percent in 2013 — with more than 20 percent breached six times or more. For the first time, a majority of respondents (52 percent) now believe a successful cyberattack is likely in the coming year — up from 39 percent in last year’s report.
Key Findings
The 2015 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:
- No shortage of cyberthreat challenges. In 2014, 71 percent of respondents’ networks were breached with 22 percent of them victimized six or more times. This is a significant increase from the preceding year, which saw 62 percent of respondents’ networks breached, with 16 percent of them victimized by six or more successful cyberattacks.
- Waking up to a new reality. A majority (52 percent) of respondents felt that a successful cyberattack against their network was likely in the next 12 months, compared to just 39 percent in 2013.
- Phishing, malware, and zero-days top of mind. Of 10 designated categories of cyberthreats, phishing/spear-phishing, malware, and zero-day attacks are perceived as posing the greatest risk to responding organizations. Denial of service attacks, watering hole attacks, and drive-by downloads are of least concern.
- Security spending continues to rise. Survey results indicate that 62 percent of respondents expect their security budgets to increase this year, up from 48 percent last year. Respondents also indicate that, on average, 6-10 percent of their organizations’ IT budgets are spent on security, with one in five organizations spending 16 percent or more.
- Enterprise mobility management holds firm. For the second straight year, mobile device and application management (MDM/MAM) is the top mobile security solution respondents plan to implement in the next 12 months. This is no surprise as nearly six in 10 participants saw a rise in mobile device threats in the preceding 12 months.
- Security analytics in top demand. Security analytics / full-packet capture and analysis is the most commonly cited network security technology planned for future acquisition, followed by threat intelligence services and next-generation firewalls.
- Fed up with inadequate endpoint defenses. A whopping 67 percent indicated their intent to evaluate alternative endpoint anti-malware solutions to either augment (34 percent) or replace (33 percent) their existing endpoint products. This number is markedly up from 56 percent in last year’s survey.
- Continuous monitoring now mainstream. Half of those surveyed rely on continuous monitoring technologies for discovering network assets, achieving policy compliance, and mitigating vulnerabilities and security misconfigurations. This is a positive trend for the industry, as only 38 percent of respondents conduct full-network scans more often than quarterly.
“Cyberthreats hit an all time high in 2014, in terms of not only the number of breaches but their impact on all aspects of business. Who would have thought that we would see a time when a simple movie would spur attacks that forced an entire industry to publicly address the way it thinks about privacy, piracy, and geopolitical implications of the product it produces,” said Steve Piper, CEO of CyberEdge Group. “For the first time in our research, a majority of participants predict their networks will become compromised in 2015. These are indeed dangerous times, but there is still cause for optimism as organizations take active steps to prepare for the unexpected. Welcome to the new reality.”
“It’s no surprise that security analytics is the most commonly cited network security technology planned for acquisition in this year’s report,” said Hugh Thompson, chief technology officer of Blue Coat Systems. "This technology, coupled with SSL visibility and malware analysis capabilities, is reducing the time and effort needed to detect and eliminate sophisticated threats. Organizations are realizing that being prepared for advanced threats is the key to quick resolution and risk mitigation.”
“A key takeaway from this year’s Cyberthreat Defense Report is the dramatic rise in mobile device threats,” said Kurt Roemer, chief security strategist at Citrix. “With workforce mobility skyrocketing, mobile device and application management technologies are critical for maintaining the confidentiality and integrity of sensitive data. We’re proud to partner with CyberEdge Group to raise awareness of this issue.”
In November and December 2014, more than 800 IT security decision makers and practitioners representing 19 industries across North America and Europe participated in a 27-question online survey. Each participant is employed by a commercial or government entity with a minimum of 500 employees.
The 2015 Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which evaluates the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report assesses organizations' security posture, gauges perceptions about cyberthreats, and ascertains future plans for improving security and reducing risk. It provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.
The 2015 Cyberthreat Defense Report was sponsored by several leading information security vendors, including:
- Platinum sponsors: Blue Coat Systems and Citrix Systems
- Gold sponsors: NetIQ, PhishMe, Tenable Network Security, ThreatTrack Security, and Webroot
- Silver sponsors: CloudLock, Cylance, Endgame, iSIGHT Partners, and Triumfant
Report Available Now
The 2015 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at www.cyber-edge.com/2015-cdr.
About CyberEdge Group
CyberEdge Group is an award-winning research, marketing, and publishing firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland with consultants based across North America and Europe, CyberEdge boasts more than 40 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies in North America and Europe are defending their networks against today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.
The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.