One-Third of Ransomware Victims Pay Associated Ransoms, Finds ‘2017 Cyberthreat Defense Report’

Fourth-annual Report Surveys Perceptions and Buying Practices of Information Security Decision Makers and Practitioners Across North America, Europe, Asia Pacific, Latin America, the Middle East, and Africa

ANNAPOLIS, Md.--()--CyberEdge Group, a premier research and marketing firm serving the security industry’s top vendors, today announced immediate availability of its fourth-annual Cyberthreat Defense Report. New this year, the report found that 61 percent of responding organizations were compromised by ransomware in 2016, while the percentage of organizations affected by successful cyberattacks reaches an all-time high. Further, one in five respondents indicated dissatisfaction with Microsoft’s available protections for securing Office 365 deployments, opening the door for third-party security solutions.

With 1,100 IT security decision makers and practitioners participating from 15 countries, six continents, and 19 industries, the CyberEdge’s Cyberthreat Defense Report is the most comprehensive study of security professionals’ perceptions in the industry. This study provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Consistent with findings in CyberEdge’s prior three annual reports, the 2017 report finds that network breaches are rising, under-trained employees pose the greatest security risk, and malware is more troubling than ever.

Key Findings

The 2017 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:

  • Held hostage by ransomware. 61 percent of respondents indicated that their organization was victimized by ransomware last year. Of those affected, 33 percent paid the ransom and recovered their data, 54 percent refused to pay but successfully recovered their data anyway, and 13 percent refused to pay and subsequently lost their data.
  • Microsoft leaving the door open? One in five respondents is not satisfied with the protections Microsoft provides to secure Office 365 environments, leaving the door open for third-party security solutions.
  • Rising attacks are the new norm. The percentage of organizations affected by successful cyberattacks has risen for the third-consecutive year – from 62 percent in 2014, to 70 percent in 2015, to 76 percent in 2016, and now to 79 percent in 2017. Today, three in five believe a successful cyberattack in the coming year is more likely than not.
  • Now hiring. An astounding nine out of 10 respondents indicated their organization is suffering from the global shortage of skilled IT security personnel. 51 percent of respondents are leveraging external vendors and contractors to fill the void.
  • Cyber insurance reaches critical mass. Three-quarters of respondents rate their organization’s level of cyber insurance investment as adequate. Less than nine percent of respondents expressed concern over insufficient coverage.
  • Network deception technology excites. Of 16 network security technologies depicted in the survey, honeypots / network deception technology (41 percent) is the one most sought after in the coming year, followed by next-generation firewalls (39 percent) and user and entity behavior analytics (38 percent).
  • Database and web application firewalls reign supreme. When asked which of 11 application and data-centric security technologies are currently deployed by their organizations, respondents ranked database firewalls and web application firewalls (WAFs) highest, each with a 65 percent adoption rate.
  • Underinvesting in the human firewall. When respondents were asked what’s inhibiting them from securing their employers’ networks, “low security awareness among employees” was the top response for the fourth-consecutive year, followed by “lack of skilled personnel” and “too much data to analyze.”

“If the definition of insanity is doing the same thing repeatedly and expecting a different result, then perhaps, as an industry, we’re going insane,” said Steve Piper, CEO of CyberEdge Group. “Each year, we invest more in security, yet frequency and severity of data breaches rise. But why? I believe I can offer two partial explanations, inspired by this year’s Cyberthreat Defense Report. First, for the fourth-consecutive year, respondents indicate that ‘low security awareness among employees’ is the greatest inhibitor. OK, then invest more in training! And second, we consistently hear that most data breaches stem from exploiting old vulnerabilities. OK, then get patching! Investing in best-of-breed security defenses is always prudent, but to stop the bleeding, we’ve got to invest more in our human firewalls and reducing our network attack surfaces.”

“The findings of CyberEdge’s latest Cyberthreat Defense Report are consistent with what we’re seeing in the industry,” said Mike Rothman, president of Securosis. “There are more attacks, more sophisticated malware, and more complexity ahead relative to skyrocketing cloud usage, all making it more challenging to execute on a security program. This difficulty is compounded by the global security skills shortage and the ongoing inability for most employees to not click on links that compromise their devices. On the positive front, budgets continue to increase and security initiatives are very high profile, consistently getting board room visibility. So all in all, it’s the best of times and the worst of times for security folks.”

About the Cyberthreat Defense Report

In November 2016, 1,100 IT security decision makers and practitioners representing 19 industries and 15 countries across North America (U.S. and Canada), Europe (U.K., Germany, and France), Asia Pacific (Australia, China, Singapore, and Japan), Latin America (Brazil, Columbia, and Mexico), the Middle East (Saudi Arabia and Turkey), and South Africa participated in a 27-question online survey. Each participant is employed by a commercial or government entity with a minimum of 500 employees.

The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which evaluates the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report assesses organizations' security posture, gauges perceptions about cyberthreats, and ascertains future plans for improving security and reducing risk. It provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.

The 2017 Cyberthreat Defense Report was sponsored by several leading information security vendors, including:

  • Platinum sponsors: Code42, Imperva, SecureWorks, and Symantec
  • Gold sponsors: Bitglass, Exabeam, Hewlett Packard Enterprise, and Webroot
  • Silver sponsors: Endgame, Fox Technologies, Illusive Networks, Soliton Cyber & Analytics, and Sumo Logic

Report Available Now

The 2017 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at http://www.cyber-edge.com/cdr.

About CyberEdge Group

CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland with two-dozen consultants based across North America, CyberEdge boasts more than 80 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks against today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.

The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.

Contacts

Media Contact:
W2 Communications
Tony Welz
Principal
703-218-3555 x226
tony@w2comm.com
or
CyberEdge Group Contact:
CyberEdge Group, LLC
Steve Piper
CEO
443-603-1500
steve.piper@cyber-edge.com

Contacts

Media Contact:
W2 Communications
Tony Welz
Principal
703-218-3555 x226
tony@w2comm.com
or
CyberEdge Group Contact:
CyberEdge Group, LLC
Steve Piper
CEO
443-603-1500
steve.piper@cyber-edge.com