Perceptions and buying practices of infosec decision makers

CyberEdge Group surveyed 1,000 IT infosec decision makers and practitioners from 10 countries, five continents, and 19 industries, and unsurprisingly, the news is not good. In fact, network breaches are rising, confidence is falling, the number of BYOD deployments is shrinking, and IT organizations are fed up with today’s inadequate endpoint defenses.


“In 2014, only four in 10 survey participants believed that a successful cyberattack targeting their organization was likely to occur in the coming year. Today, that number has grown to six in 10 and is likely to rise,” said Steve Piper, CEO of CyberEdge Group. “Despite record security spending, savvy IT professionals know that it’s no longer a question of ‘if’ their network will become compromised, but ‘when.’ Smart CISOs must strike a balance between threat prevention and detection investments, as both are critical in the fight against today’s sophisticated threats.”

Key findings

Security takes a bigger bite. This year, 85 percent of responding organizations indicated they are spending more than 5 percent of their IT budgets on security, up from 70 percent in 2015.

Rising attacks, dwindling optimism. An astounding 76 percent of responding organizations were affected by a successful cyberattack in 2015 – up from 70 percent in 2014 and 62 percent in 2013. When asked about the likelihood of a network breach occurring in the coming year, 62 percent felt it was more likely than not – up from 52 percent a year ago.

Endpoint protection revolution. For three consecutive years, infosec decision makers have expressed growing dissatisfaction with their current endpoint security defenses. This year, a whopping 86 percent have expressed their intention to replace (42 percent) or augment (44 percent) their current endpoint protections.

BYOD backpedaling. The percentage of organizations with active BYOD deployments has dropped for the third consecutive year – from 31 percent in 2014 to 26 percent in 2016.

Must-have network security investments. Next-generation firewalls are the top-ranked network security technology planned for acquisition in 2016, followed by threat intelligence services and user behavior analytics.

Mobile devices still in the crosshairs. For the second consecutive year, mobile devices are perceived as IT’s weakest link. In total, 65 percent of infosec decision makers witnessed an increase in mobile threats over the prior year.

Malware and spear-phishing continue to cause headaches. Malware and spear-phishing top the list of threats causing the greatest concern among respondents for the third consecutive year.

Massive exposure to SSL blind spots. Only a third of responding organizations have the tools necessary to inspect SSL-encrypted traffic for cyberthreats, revealing a gaping hole in enterprise security defenses.

Employees are still to blame. For the third consecutive year, low security awareness among employees tops the list of barriers to establishing effective security defenses. Survey participants are also concerned with an overwhelming volume of security event data, lack of skilled personnel, and lack of available budget.