With 1,000 IT security decision makers and practitioners participating from 10 countries, five continents, and 19 industries, the CyberEdge report is the most comprehensive study of security professionals’ perceptions in the industry.
The Cyberthreat Defense Report provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Consistent with findings in CyberEdge’s prior two annual reports, the 2016 report finds that security spending is growing, network breaches are rising, confidence is falling, the number of bring-your-own-device (BYOD) deployments is shrinking, and IT organizations are fed up with today’s inadequate endpoint defenses. In fact, nearly nine of ten respondents conveyed their organization’s intent to replace or augment their current endpoint security defenses – up from nearly seven of ten respondents in last year’s report.
The 2016 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:
- Security takes a bigger bite. This year, 85 percent of responding organizations indicated they are spending more than 5 percent of their IT budgets on security, up from 70 percent in 2015.
- Rising attacks, dwindling optimism. An astounding 76 percent of responding organizations were affected by a successful cyberattack in 2015 – up from 70 percent in 2014 and 62 percent in 2013. When asked about the likelihood of a network breach occurring in the coming year, 62 percent felt it was more likely than not – up from 52 percent a year ago.
- Endpoint protection revolution. For three consecutive years, respondents have expressed growing dissatisfaction with their current endpoint security defenses. This year, a whopping 86 percent have expressed their intention to replace (42 percent) or augment (44 percent) their current endpoint protections.
- BYOD backpedaling. The percentage of organizations with active BYOD deployments has dropped for the third consecutive year – from 31 percent in 2014 to 26 percent in 2016.
- Must-have network security investments. Next-generation firewalls are the top-ranked network security technology planned for acquisition in 2016, followed by threat intelligence services and user behavior analytics.
- Mobile devices “still” in the crosshairs. For the second consecutive year, mobile devices are perceived as IT’s “weakest link.” In total, 65 percent of respondents witnessed an increase in mobile threats over the prior year.
- Malware and spear-phishing continue to cause headaches. Malware and spear-phishing top the list of cyberthreats causing the greatest concern among respondents for the third consecutive year.
- Massive exposure to SSL blind spots. Only a third of responding organizations have the tools necessary to inspect SSL-encrypted traffic for cyberthreats, revealing a gaping hole in enterprise security defenses.
- Employees are still to blame. For the third consecutive year, low security awareness among employees tops the list of barriers to establishing effective security defenses. Survey participants are also concerned with an overwhelming volume of security event data, lack of skilled personnel, and lack of available budget.
“In 2014, only four in 10 survey participants believed that a successful cyberattack targeting their organization was likely to occur in the coming year. Today, that number has grown to six in 10 and is likely to rise,” said Steve Piper, CEO of CyberEdge Group. “Despite record security spending, savvy IT professionals know that it’s no longer a question of ‘if’ their network will become compromised, but ‘when.’ Smart CISOs must strike a balance between threat prevention and detection investments, as both are critical in the fight against today’s sophisticated threats.”
“It’s great to see perception and spending catching up with reality. According to my research, security spending has been growing at 24 percent annually. So it’s no surprise that spending as a percentage of the overall IT budget is increasing,” said Richard Stiennon, Chief Research Analyst at IT-Harvest. “While it’s important to invest in additional protection, organizations must be careful about where they place these new investments, so they’re not merely stopping the threat of the day, but rather supporting the needs of the business.”
In November 2015, 1,000 IT security decision makers and practitioners representing 19 industries and 10 countries across North America (U.S. and Canada), Europe (U.K., Germany, and France), Asia Pacific (Australia, Singapore, and Japan), and Latin America (Brazil and Mexico) participated in a 26-question online survey. Each participant is employed by a commercial or government entity with a minimum of 500 employees.
The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which evaluates the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report assesses organizations’ security posture, gauges perceptions about cyberthreats, and ascertains future plans for improving security and reducing risk. It provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.
The 2016 Cyberthreat Defense Report was sponsored by several leading information security vendors, including:
- Platinum sponsors: Blue Coat Systems, Citrix Systems, Code42, and Imperva
- Gold sponsors: Fidelis Cybersecurity, Invincea, LogRhythm, NetIQ, and Webroot
- Silver sponsors: CloudLock, Gurucul, Ikanow, SentinelOne, and ThreatQuotient
Report Available Now
The 2016 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at http://www.cyber-edge.com/2016-cdr.
About CyberEdge Group
CyberEdge Group is an award-winning research, marketing, and publishing firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland, with two dozen consultants based across North America, CyberEdge boasts more than 70 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies in North America, Europe, Asia Pacific, and Latin America are defending their networks against today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.