Majority (51%) of organizations do not believe they are ready for or would respond well to a cyber attack or breach event
With the perpetually shifting threat landscape, most organizations (over 90%) believe that the cyber threat landscape will stay the same or worsen in 2020, according to FireEye’s Cyber Trendscape Report. Further, the majority (51%) of organizations do not believe they are ready for or would respond well to a cyber attack or breach event. Moreover, 29% of organizations with cyber attack and breach response plans in place have not tested or updated them in the last 12 or more months.
FireEye surveyed over 800 CISOs and other senior executives across North America, Europe, and Asia to uncover attitudes towards some of cyber security’s most prevalent topics. Further, this global snapshot offers context that can aid critical planning discussions with key stakeholders.
“Our new FireEye Cyber Trendscape Report highlights the overall beliefs and perceptions of senior leaders regarding top cyber security priorities for 2020 and beyond, as well areas where they differ across the globe,” said Eric Ouellet, Global Security Strategist at FireEye. “These critical data points will help organizations to bring focus and clarity to their cyber security programs, while helping to expand the dialogue with senior leadership and the board.”
Vast majority of organizations to increase cyber security budgets
To address concerns regarding the potential loss of sensitive data, customer impact, and business operation disruptions, the vast majority (76%) of organizations plan to increase their cyber security budget in 2020:
- Organizations most commonly expressed plans to bump cyber security spending by 1-9% over 2019 allocations
- The greatest number of U.S. participants indicated budgetary increase plans of 10% or more (39%), followed by the UK (30%) and South Korea (22%)
- However, 25% of organizations in Japan and 24% in South Korea indicated plans to keep their security spend the same year over year
Participating organizations were remarkably consistent in their views and perspectives of cyber security. The following sheds light on some of the more differentiated global viewpoints.
Japan organizations to prioritize detection capabilities in 2020
Globally, organizations allocated their cyber security budgets into four main categories with the largest allocations going to the areas of prevention (42%) and detection (28%), followed by containment and remediation. However, Japan was the only country to break away from this order, expressing a greater emphasis on detection (40%) and then prevention (35%).
US organizations take the lead in fully transitioning to the cloud
Over 44% of global respondents expressed having transitioned some of their environment to the cloud, and that they were monitoring cautiously. Additionally, 35% had transitioned some of their environment with plans to continue, and 17% had completed a full cloud deployment. US organizations reported being furthest along in adopting a cloud-first approach with 37% having finished a complete cloud migration.
Germany and Japan participants express concerns regarding cloud security
Of the responding participants globally, 45% felt that the cloud was about as secure as on-premise, and a further 33% believed that the cloud was more secure. However, in both Germany and Japan, 24% of responding organizations perceived the cloud as being less secure – highlighting a disparity from the global average (18%).
France participants believe employee training to be a top protection measure
Globally, participants consistently identified the same solutions as having the most positive impact on their organization’s ability to prevent a cyber attack. Vulnerability management and security software took the lead (slightly above 16%). Employee training was the third (14%) followed by response plans and security hardware (both slightly above 12%).
When it came to cyber security investment areas with the greatest potential positive impact to an organization’s ability to prevent a cyber attack or breach, France participants were the only ones to identify employee training as their top priority, if they did not have constraints. Further, research revealed that 1% of organizations surveyed in France do not have an employee cyber security training program in place, compared to the global average of slightly above 11%. In contrast, 25% of organizations in Germany and 23% in Canada report not having employee cyber security training in place. These numbers are especially concerning considering that a cyber attack can often result from just one employee clicking on a single hyperlink.