Infrastructure Security

SILVER

PLATINUM

GOLD

R e s e a r c h S p o n s o r s »«

Phot
o FPO

2019 Cyberthreat
Defense Report
North America | Europe
Asia Pacific | Latin America
Middle East | Africa

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 2

Table of Contents

Introduction …………………………………………………………………………………………………………………………….. 3
Research Highlights …………………………………………………………………………………………………………………. 6
Section 1: Current Security Posture …………………………………………………………………………………………… 7

Past Frequency of Successful Cyberattacks……………………………………………………………………………………………………… 7
Future Likelihood of Successful Cyberattacks ………………………………………………………………………………………………… 8
Security Posture by IT Domain …………………………………………………………………………………………………………………………… 9
Assessing IT Security Functions ……………………………………………………………………………………………………………………….. 10
Cyberthreat Hunting Inhibitors ………………………………………………………………………………………………………………………. 11
The IT Security Skills Shortage ………………………………………………………………………………………………………………………… 12

Section 2: Perceptions and Concerns ……………………………………………………………………………………….. 13
Concern for Cyberthreats …………………………………………………………………………………………………………………………………. 13
Responding to Ransomware ……………………………………………………………………………………………………………………………. 14
Barriers to Establishing Effective Defenses ……………………………………………………………………………………………………. 16
Addressing Cloud Security Needs ………………………………………………………………………………………………………………….. 18
Vulnerability Patching Challenges ………………………………………………………………………………………………………………….. 19

Section 3: Current and Future Investments ………………………………………………………………………………. 20
IT Security Budget Allocation …………………………………………………………………………………………………………………………… 20
IT Security Budget Change ……………………………………………………………………………………………………………………………….. 22
Network Security Deployment Status …………………………………………………………………………………………………………….. 24
Endpoint Security Deployment Status ………………………………………………………………………………………………………….. 26
Application and Data Security Deployment Status ……………………………………………………………………………………… 28
Security Management and Operations Deployment Status ………………………………………………………………………. 30
Identity and Access Management Deployment Status ………………………………………………………………………………. 32
Machine Learning and Artificial Intelligence Investments …………………………………………………………………………. 34

Section 4: Practices and Strategies ………………………………………………………………………………………….. 36
SSL / TLS Inspection Practices …………………………………………………………………………………………………………………………. 36
Threat Intelligence Platform Practices ……………………………………………………………………………………………………………. 37
Security Analytics Practices …………………………………………………………………………………………………………………………….. 38
Security Orchestration, Automation, and Response Practices ……………………………………………………………………. 39
Use of Managed Security Services Providers ………………………………………………………………………………………………… 40

The Road Ahead ……………………………………………………………………………………………………………………… 41
Appendix 1: Survey Demographics………………………………………………………………………………………….. 44
Appendix 2: Research Methodology ………………………………………………………………………………………… 46
Appendix 3: Research Sponsors ……………………………………………………………………………………………… 46
Appendix 4: About CyberEdge Group ……………………………………………………………………………………… 49

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 3

SURVEY DEMOGRAPHICS:

• Responses received from 1,200 qualified IT
security decision makers and practitioners

• All from organizations with more than 500
employees

• Representing 17 countries across North
America, Europe, Asia Pacific, the Middle East,
Latin America, and Africa

• Representing 19 industries

Introduction

CyberEdge’s annual Cyberthreat Defense Report (CDR) has
garnered considerable media attention and accolades over
the last five years. It’s unlike any research report in the IT
security industry. Rather than supplying statistics on specific
cyberattacks and data breaches (which many of our sponsors
do quite well), we provide deep insight into the minds of IT
security professionals.

Now in its sixth year, the CDR has become a staple among IT
security leaders and practitioners by helping them gauge their
internal practices and security investments against those of
their peers – now across 17 countries and 19 industries. Simply
put, there is no other report of its kind.

CyberEdge would like to thank our Silver, Gold, and Platinum
research sponsors without whose continued support this
report would not be possible.

Top Five Insights for 2019
As always, our latest CDR installment yields dozens of
actionable insights. But the following are the top five
takeaways from this year’s report – at least in our eyes:

1. Security analytics poised for success. 2019 could well
be known as the year that security analytics hit its stride. The
greatest inhibitor to IT security’s success is contending with
too much security data. Our research participants identified
security analytics as the most-wanted security management
and operations technology for 2019.

2. Application development migraines. For the second
consecutive year, IT security organizations struggle with
application development and testing more than any other
security process. And application containers are, once again,
the Achilles’ heel of IT security organizations.

3. Ransomware on the rise. Last year’s ransomware stats
were ugly. This year’s stats are even uglier. The percentage of
organizations victimized by ransomware is up, the percentage
of organizations paying ransoms is up, and the percentage
that lost data by refusing to pay ransoms is up, as well.

4. Machine learning garners confidence. More than 90%
of IT security organizations have invested in machine learning
(ML) and/or artificial intelligence (AI) technologies to combat
advanced threats. More than 80% are already seeing
a difference.

5. Web application firewalls rule the roost. For the second
consecutive year, the web application firewall (WAF) claims
the top spot as the most widely deployed app/data security
technology.

About This Report
The CDR is the most geographically comprehensive vendor-
agnostic study of IT security decision makers and practitioners.
Rather than compiling cyberthreat statistics and assessing
the damage caused by data breaches (other researchers do a
great job there), the CDR surveys the perceptions of IT security
professionals, gaining insights into how they see the world.

Specifically, the CDR examines:

v The frequency of successful cyberattacks in the prior
year and optimism (or pessimism) for preventing further
attacks in the coming year

v The perceived impact of cyberthreats and the challenges
faced in mitigating their risks

v The adequacy of organizations’ security postures and their
internal security practices

v The organizational factors that present the most
significant barriers to establishing effective cyberthreat
defenses

v The investments in security technologies already made
and those planned for the coming year

v The health of IT security budgets and the portion of the
overall IT budget they consume

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 4

Introduction

By revealing these details, we hope to help IT security decision
makers and practitioners gain a better understanding of how
their perceptions, concerns, priorities, and defenses stack up
against those of their peers in other countries and industries.
Applied constructively, the data, analyses, and findings can be
used by diligent IT security teams to shape answers to many
important questions, such as:

v Where do we have gaps in our cyberthreat defenses
relative to other organizations?

v Have we fallen behind in our defensive strategy to the
point that our organization is now the “low-hanging fruit”
(i.e., likely to be targeted more often due to its relative
weaknesses)?

v Are we on track with both our approach and progress in
continuing to address traditional areas of concern, while
also tackling the challenges of emerging threats?

v How does our level of spending on IT security compare to
that of other organizations?

v How are other IT security practitioners thinking differently
about cyberthreats and their defenses, and should we
adjust our perspective and plans to account for these
differences?

Another important objective of the CDR is to provide
developers of IT security technologies and services with
information they can use to better align their solutions with
the concerns and requirements of potential customers. The
net result should be better market traction and success for
solution providers – at least those that are paying attention –
along with better cyberthreat protection technologies for all
the intrepid defenders out there.

The findings of the CDR are divided into four sections:

Section 1: Current Security Posture
The security foundation an organization currently has in place
and the perception of how well it is working invariably shape
future decisions about cyberthreat defenses, such as:

v Whether, to what extent, and how urgently changes
are needed

v Specific types of countermeasures that should be added
to supplement existing defenses

Our journey into the depths of cyberthreat defenses begins,
therefore, with an assessment of respondents’ perceived
effectiveness of their organization’s investments and
strategies relative to the prevailing threat landscape.

Section 2: Perceptions and Concerns
In this section, our exploration of cyberthreat defenses shifts
from establishing baseline security postures to determining
the types of cyberthreats and other obstacles to security that
concern today’s organizations the most. Like the perceived
weaknesses identified in the previous section, these
concerns serve as an important indicator of where and how
organizations can best improve their cyberthreat defenses
going forward.

Section 3: Current and Future Investments
Organizations can ill afford to stand still when it comes to
maintaining effective cyberthreat defenses. IT security teams
must keep pace with the changes occurring around them
– whether to the business, technology, or threat landscapes –
by making changes of their own.

With respondents’ perceptions of the threat landscape
and the effectiveness of their organization’s defenses as a
backdrop, this section sheds light not only on the security
technologies organizations currently have in place, but also
on the investments they plan to make over the coming year.

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 5

Introduction

Section 4: Practices and Strategies
Mitigating today’s cyberthreat risks takes more than investing
in the right technologies. You must ensure those technologies
are deployed optimally, configured correctly, and monitored
adequately to give your organization a fighting chance of not
making tomorrow’s front page news.

In this section, we assess best practices IT security
professionals embrace for combatting today’s threats. We also
gauge adoption of leading-edge technologies and ascertain
how they’re used.

Navigating This Report
We encourage you to read this report from cover to cover, as
it’s chock full of useful information. But there are three ways
to navigate through this report, if you are seeking out specific
topics of interest:

v Table of Contents. Each item in the Table of Contents
pertains to specific survey questions. Click on any item to
jump to its corresponding page.

v Research Highlights. The Research Highlights page
showcases the most significant headlines of the report.
Page numbers are referenced with each highlight so you
can quickly learn more.

v Navigation tabs. The tabs at the top of each page are
clickable, enabling you to conveniently jump to different
sections of the report.

Contact Us
Do you have an idea for a new topic that you’d like us to
address next year? Or would you like to learn how your
organization can sponsor next year’s CDR? We’d love to hear
from you! Drop us an email at [email protected].

mailto:research%40cyber-edge.com?subject=

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 6

Research Highlights

Current Security Posture
v Attack success redux. The percentage of organizations

affected by a successful cyberattack ticked up from 77% to
78%, despite last year’s first-ever decline (page 7).

v Pessimism spike. Nearly two-thirds of IT security profes-
sionals believe a successful cyberattack is imminent in
2019 (page 8).

v Container security woes. For the second year, application
containers edge mobile devices as IT security’s weakest
link (page 9).

v Application development headaches. For the third
year, app development and testing is the security process
organizations struggle with the most (page 10).

v Cyberthreat hunting inhibitors. The greatest challenge
is implementing and integrating cyberthreat hunting
technologies (page 11).

v Worsening skills shortage. 84% of organizations are
experiencing an IT security skills shortage, up from 81%
last year (page 12).

Perceptions and Concerns
v Cyberthreat trifecta. Malware, spear phishing, and

ransomware top the list of cyberthreat concerns for the
third consecutive year (page 13).

v Funding ransomware. Ransomware attacks are rising,
and so are the number of ransom payers (page 14).

v Security data avalanche. IT security professionals can’t
keep up with growing mountains of security data (page16).

v Old dogs, new tricks. More than half of organizations
are re-training existing IT staff to tackle cloud security
challenges (page 18).

v Glass half full? Nearly four in five respondents believe
their scanning and patching efforts have improved, but is
it enough? (page 19).

Current and Future Investments
v Security’s slice of the pie. On average, IT security

consumes 12.5% of the overall IT budget (page 20).

v Record-setting security budgets. The average security
budget is going up by 4.9% in 2019 (page 22).

v Network security’s top picks. Advanced malware
analysis, next-gen firewalls (NGFWs) and deception
solutions are the top network security technologies
planned for acquisition in 2019 (page 24).

v Defender of endpoints. Containerization / micro-virtu-
alization heads the list of endpoint security technologies
respondents plan to acquire in 2019… again (page 26).

v Ruling the app/data security roost. For the second
consecutive year, WAF is the most widely deployed app/
data security technology (page 28).

v Most-wanted security technology. Advanced security
analytics tops 2019’s most wanted list not only for the
security management and operations category, but also
for all technologies in this year’s report (page 30).

v Burgeoning biometrics. Biometrics bubbled to the top
as the most sought-after identity and access management
technology for the coming year (page 32).

v Bringing the heat for advanced threats. More than
four in five respondents believe ML and AI technologies
are making a difference in the battle to detect advanced
cyberthreats (page 34).

Practices and Strategies
v Unsolved SSL decryption puzzle. Decrypting SSL/TLS

network traffic so that it can be inspected for threats
remains a persistent challenge for nearly three in four
organizations (page 36).

v TIPping the security scales. Enterprises are sourcing
threat intelligence platforms (TIPs) to improve cyber-
threat detection and validate security alerts (page 37).

v Sourcing strategies for security analytics. Purchasing
a standalone product to complement an existing SIEM
is the top approach for adding security analytics to an
organization’s cyberthreat defenses (page 38).

v Flying high with SOAR. Forward-leaning organizations
are adopting security orchestration, automation, and
response (SOAR) solutions to accelerate SecOps tasks
(page 39).

v MSSPs to the rescue. Nine of 10 organizations are
leveraging managed security service providers (MSSPs) to
offload at least one IT security function (page 40).

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 7

Section 1: Current Security Posture

Figure 1: Frequency of successful attacks by year.

How many times do you estimate that your organization’s global network has been compromised by a
successful cyberattack within the past 12 months? (n=1,137)

Past Frequency of Successful Cyberattacks

Last year, we expressed cautious optimism after witnessing
the first-ever decline in successful cyberattacks in our report’s
five-year history. Unfortunately, that glimmer of hope has
vanished because successful attacks are, once again, on the
rise. Last year, 77.2% of respondents reported a successful
cyberattack. This year, that figure rose to 78.0% (see Figure 1).
Furthermore, the portion of respondents reporting more than
10 successful attacks has also expanded, from 9.0% to 9.4%.

Analyzing the data regionally (see Figure 2), we can report a
couple of bright spots. First, the cyberthreat climate in Mexico
has dramatically improved. Last year, Mexico was hardest
hit of all countries, with 93.9% of respondents reporting
successful attacks. This year, Mexico is in the middle of the
pack at 78.1%. Unfortunately, another Spanish-speaking
country, Spain, has taken over as hardest hit, with 93.7% of

respondents reporting successful attacks. As in Mexico, the
situation has improved down under: Australia is revealed
to be the least targeted, with only 63.0% of respondents
reporting successful attacks – down from 66.7% last year.

Of the seven key industries tracked in this report, telecom &
technology (81.2%) is the industry hardest hit in this year’s
report, followed by education (80.0%) and retail (79.2%).
Healthcare (69.1%) is the least-targeted industry this year.

Dissecting the data by headcount, mid-size enterprises with
5,000-9,999 employees were affected the most (88.0%) by
successful cyberattacks. They felt the impact considerably
more than the largest (more than 25,000 employees; 73.9%)
and the smallest (500-999 employees; 66.7%) organizations.

Figure 2: Percentage compromised by at least one successful
attack in the past 12 months.

“Unfortunately, that glimmer of hope
has vanished because successful attacks are,

once again, on the rise.”

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 8

Section 1: Current Security Posture

Future Likelihood of Successful Cyberattacks

What is the likelihood that your organization’s network will become compromised by a successful
cyberattack in 2019? (n=1,153)

People, in general, embrace optimism over pessimism. Time
magazine surveyed 801 Americans in 2013 asking them if they
felt they were, in general, more optimistic or pessimistic by
nature. 50% identified as optimistic while only 4% identified
as pessimistic, with the balance somewhere in between.
Although this survey is now six years old, we believe it still
applies today.

However, after being inundated with sophisticated cyber-
attacks over the past decade, IT security professionals tend
to be more pessimistic as it pertains to the likelihood of their
organizations being compromised by one or more cyber-
attacks in the coming year. And frankly, they have every right
to be.

In last year’s report, 77.2% of respondents reported successful
cyberattacks in the preceding year. Despite this sour reality,
only 62.3% felt a successful attack was likely in the coming
year. This pattern continues: while 78% reported successful
attacks this year, only 65.2% expect the same in 2019 (see
Figure 3).

Let’s ponder this further: 78.0% were victimized last year, but
only 65.2% feel they’re likely to be victimized again this year.
That means 12.8% have reason to believe things are getting
better. But why? Here are a few plausible explanations:

v Security budgets in 2019 set a record for the highest
single-year increase in our report’s six-year history, at 4.9%
(see page 22).

v Despite being inundated with security data (see page 16),
organizations are investing heavily in security analytics in
2019 (see page 30).

v More than four in five respondents believe that innovative
new ML and AI technologies are making a difference in
the battle to detect advanced cyberthreats (see page 34).

Other notable findings from this year’s report include:

v The percentage of respondents considering it “not likely”
that their organization will be breached in the coming
year held fairly steady, with only a slight decrease from
12.8% in 2018 to 12.6% for 2019.

v Geographically, China (91.9%), Turkey (85.7%), and Mexico
(84.4%) are the most pessimistic in the coming year.
Respondents in Australia (48.0%) like their chances.

v Of the seven key industries tracked in this report, retail
(74.5%), education (73.5%), and telecom & technology
(65.9%) employ the most pessimistic IT security profes-
sionals. Surprisingly, government (57.6%) respondents
are the most bullish, despite numerous high-profile
government data breaches around the world (see Figure 4).

Figure 3: Likelihood of being successfully attacked in the next
12 months.

Figure 4: Percentage indicating compromise is “more likely to occur
than not” in the next 12 months.

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 9

Section 1: Current Security Posture

Security Posture by IT Domain

On a scale of 1 to 5, with 5 being highest, rate your organization’s overall security posture (ability to defend
against cyberthreats) in each of the following IT components: (n=1,191)

Defending today’s complex networks against an ever-evolving
climate of advanced cyberthreats is no easy task. And, of
course, some IT components are easier to defend than others.

For the past six years, we’ve asked our research participants
to rate their ability to defend cyberthreats against various
classes of IT components. The results are, once again, fairly
understandable.

Traditional IT components such as websites, physical and
virtual servers, and datastores are largely static. That means
it’s easier to keep them up-to-date with patches and easier
to detect inbound cyberthreats targeting them (see Figure
5). However, it is more challenging to secure other types of IT
components:

v Newer IT components – such as application containers and
operational technology (OT) devices – are harder to protect
because corresponding cyberthreats are still emerging and
experience with related defenses remains low.

v Devices that are infrequently connected to the corporate
network – such as smartphones, tablets, and laptops – are
more difficult to keep up-to-date with the latest patches
and threat signatures.

An interesting footnote: on a scale of 1 to 5, with 5 being
highest (i.e., most secure), the average rating for IT
components in both 2018 and 2019 is 3.82 – precisely the
same to the hundredth of a point. So, although some IT
components are perceived as slightly easier to secure in 2019
as compared to last year (e.g., mobile devices – from 3.67 to
3.73), this result is offset by another group of IT components
that are perceived as slightly more challenging to secure in
2019 (e.g., datastores – from 3.95 to 3.86).

Figure 5: Perceived security posture by IT domain.

“Newer IT components – such as
application containers and operational

technology (OT) devices – are harder to protect
because corresponding cyberthreats

are still emerging and experience with
related defenses remains low.”

Table
of Contents

Introduction
Research

Highlights
Current

Security Posture
Perceptions

and Concerns
Current and Future

Investments

Practices and
Strategies

The
Road Ahead

Survey
Demographics

Research
Methodology

Research
Sponsors

About CyberEdge
Group

2019 Cyberthreat Defense Report 10

Assessing IT Security Functions

On a scale of 1 to 5, with 5 being highest, rate the adequacy of your organization’s capabilities (people and
processes) in each of the following functional areas of IT security: (n=1,189)

Section 1: Current Security Posture

In the previous section, we asked our research participants
to rate their confidence about securing various classes of IT
components. In this section, we asked a similarly structured
question: how they rate the adequacy of their organization’s
internal security processes.

For the third straight year, application development and
testing is the Achilles’ heel of IT security organizations. This
finding aligns perfectly with the corresponding result in
the prior section, as application containers are the most
challenging IT component to secure. Thankfully, IT security
vendors are continuing to add innovations to the following
DevSecOps tools that should help to …