Key Insights from CyberEdge’s 2021 Cyberthreat Defense Report
Today, CyberEdge proudly announced the results of our eighth-annual 2021 Cyberthreat Defense Report. Each year, we survey 1,200 IT security professionals from 17 countries and 19 industries to gauge which technologies and best practices security teams are embracing to defend their organizations against today’s cyberthreats.
Key research highlights include:
Current Security Posture
- Most successful attacks in six years. The percentage of organizations compromised by successful attacks rose by 5.5% – the largest annual increase in six years (page 7)!
- Deepening pessimism. For the first time, three-quarters (76%) of security professionals believe a successful attack is imminent – up from 38% seven years ago (page 9).
- The weakest link: mobile devices. Following a rise in WFH and BYOD policy adoptions, mobile devices are rated as most challenging to secure (page 11).
- Shedding light on third-party risks. A new entrant in this year’s CDR, third-party risk management (TPRM), is deemed the most challenging IT security function (page 13).
- Feeling overwhelmed. The vast majority (87%) of organizations are experiencing an IT security skills shortfall, and it has worsened during the pandemic (page 15).
Perceptions and Concerns
- Cyberthreat migraines. Malware, ransomware, and spear phishing continue to cause the most headaches; zero-day attacks not as much (page 17).
- Web and mobile attacks. Nine out of 10 organizations (91%) have been affected by cyberattacks targeting web and mobile applications (page 19).
- Fueling ransomware. More than two-thirds of organizations (69%) were victimized by ransomware and most (57%) paid the ransom (page 21).
- Security awareness gap. For the second consecutive year, the number one barrier to IT security’s success is “low security awareness among employees” (page 24).
- Unified app and data security. “Simplified security monitoring” is the top benefit achieved by integrating application and data security to the same platform (page 26).
- Cybersecurity career boosts. Nearly all (99%) respondents agree that achieving a specialized cybersecurity certification would benefit their career (page 27).
Current and Future Investments
- Security spending plateau? The percentage of a typical IT budget spent on security remained flat (12.7%) for the first time in three years (page 29).
- Slowing security spending. For the first time in CDR history, the percentage of organizations with rising security budgets has declined (from 85% to 78%) and the average security budget increase has declined (from +5% to +4%) (page 31).
- Pandemic-fueled spending reprioritization. The COVID-19 pandemic forced around seven out of eight (86%) organizations to reprioritize IT security spending (page 33).
- Network security’s top picks. NGFWs, DoS/DDoS prevention, and deception are the top network security technologies planned for acquisition in 2021 (page 35).
- Endpoint security shopping list. Deception and browser isolation are the endpoint security technologies most sought after this year (page 37).
- The stars of app/data security. API gateways and WAFs remain supreme, while bot management and FIM/FAM are on many shopping lists for 2021 (page 39).
- TIPs tipping the scale again. Threat intelligence platforms (TIPs) are atop the list of security management and operations technologies planned for acquisition (page 41).
- Biometrics still red hot. Biometrics tops the list of identity and access management (IAM) technologies planned for acquisition this year (page 43).
- Demand for ML/AI holds strong. Once again, 85% of respondents prefer security products that feature machine learning (ML) and artificial intelligence (AI) (page 45).
Practices and Strategies
- Security is going cloud. 41% of security applications are delivered via the cloud, up from 36% last year (page 47).
- Reaping the benefits of DevSecOps. More than nine out of 10 organizations (93%) are realizing the benefits of DevSecOps (page 49).
- Decryption challenges. Nearly nine in 10 organizations (88%) are facing challenges with decrypting SSL/TLS traffic for cyberthreat inspection (page 51).
- Embracing emerging technologies. Most organizations have embraced emerging security technologies: SD-WAN (82%), zero trust (75%), and SASE (74%) (page 53).
The Cyberthreat Defense Report provides the most geographically comprehensive view of IT security perceptions in our industry. Use the findings to benchmark your company’s security posture, operating budget, product investments, and best practices against peers in your industry and region. Download your complimentary copy now: https://www.cyber-edge.com/cdr.
Interested in sponsoring your own CyberEdge survey report? If so, click here: https://cyber-edge.com/services/survey-reports/
Work outside the cybersecurity industry? Visit the LeadingEdge Group website.