CyberEdge Group, a leading research and marketing firm serving the security industry’s top vendors, today announced the availability of its eighth annual Cyberthreat Defense Report (CDR). The award-winning CDR has rapidly become the de facto standard for assessing organizations’ security posture, for gauging perceptions of information technology (IT) security professionals, and for ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.
Pandemic-fueled security challenges
IT security teams faced unprecedented challenges last year fueled by dramatically expanded work-from-home (WFH) programs, increased bring-your-own-device (BYOD) policy adoptions, and rising internal and third-party risks stemming from the COVID-19 pandemic. Fallout included:
- Record-setting successful attacks. 86% of organizations experienced a successful attack, up from 81% the prior year, the largest year-over-year increase in six years.
- Record-setting ransomware attacks. 69% of organizations were victimized by ransomware, up from 62% the prior year. 57% of victims paid a ransom. Of those who paid, 28% failed to recover their data.
- Record-setting personnel shortages. 87% of organizations are experiencing a shortfall in skilled IT security personnel, up from 85% the prior year. IT security architects and engineers are in highest demand.
Rise in cloud-based security solutions
The percentage of IT security applications and services delivered via the cloud jumped from 36% to 41% in just one year. This supports key findings from CyberEdge research published in October 2020, “The Impact of COVID-19 on Enterprise IT Security Teams,” where we learned that three in four IT security professionals (75%) had increased their preference for cloud-based security solutions. In this study, we also learned that remote workforces increased by 114% and BYOD policy adoptions increased by 59% during the pandemic. So, it’s no surprise that many IT security teams are shifting their security infrastructure investments from traditional, on-premises offerings to modern, cloud-based solutions.
“The challenges faced by IT security professionals throughout the pandemic have been overwhelming,” says Steve Piper, founder and CEO of CyberEdge Group. “Within the last 12 months, security teams have had to provide connectivity for a remote workforce that has more than doubled while mitigating risks associated with unmanaged, employee-owned devices. It’s no wonder we’re witnessing record-setting data breaches, ransomware attacks, and internal and third-party security risks. This year, we dedicate our CDR to the hardworking men and women who have worked tirelessly to keep our networks safe under the most difficult of circumstances.”
Additional key findings
The 2021 CDR yielded dozens of insights into the challenges IT security professionals faced last year and the challenges they’ll likely continue to face for the rest of this year. Key findings include:
- Slowing security spending. The average security budget will grow in 2021, but at a slower rate than a year ago (from 5% to 4% growth). For the first time in CDR history, the percentage of organizations with rising security budgets has declined.
- Hottest security tech for 2021. Among the most sought-after security technologies in 2021 are next-generation firewalls (network security), deception technology (endpoint security), bot management (app and data security), threat intelligence platforms (security management and operations), and biometrics (identity and access management).
- Embracing emerging technologies. The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (75%), and security access service edge (SASE) (74%).
- This year’s weakest links. Mobile devices, internet of things (IoT) devices, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices top this year’s list of IT components most challenging to secure.
- Decryption woes. Nearly nine in 10 organizations (88%) face challenges with decrypting Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic for inspection by network security tools. Failing to inspect encrypted web traffic elevates risks of cyberattacks and potential data exfiltration.
- Training and specialty certifications in demand. Nearly all (99%) research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security topped the list of eight specialty certifications in highest demand.
- Integrating app and data security. “Simplified security monitoring” and “improved customer support experience” are cited as the top benefits achieved by integrating application and data security into the same platform.
- Underinvesting in human vigilance. “Low security awareness among employees” tops this year’s list of IT security team inhibitors for successfully defending against attacks.
- Reaping the benefits of DevSecOps. 93% of responding organizations are already realizing the benefits of DevSecOps practices. “Increased speed of deploying application updates” is the most-notable benefit achieved.
About the CDR
In November 2020, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant was employed by a commercial or government entity with a minimum of 500 employees. Participants came from six geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa.
The CDR gauges perceptions about cyberthreats and ascertains future plans for improving security and reducing risk. It enables IT security professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region.
The 2021 CDR is supported by leading information security vendors:
- Platinum sponsors: (ISC)2, Gigamon, Imperva, Menlo Security, and PerimeterX
- Gold sponsors: ConnectWise, Herjavec Group, KnowBe4, Micro Focus, and Thycotic
- Silver sponsors: AppGuard, Binary Defense, Britive, Cymulate, EclecticIQ, and Interos
The 2021 Cyberthreat Defense Report is available from all sponsors or by visiting the CyberEdge Group website at www.cyber-edge.com/cdr.
About CyberEdge Group
CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland, with three dozen consultants based across North America, CyberEdge boasts more than 200 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks in today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.
The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.