The 2019 ITWeb/VMware Security Survey was conducted on ITWeb during March and April and was completed by 122 respondents.
75% of those are cyber security decision makers – 32% are C-level executives, while a further 43% are at mid-management level.
Below are some key findings:
1. Nearly 70% of respondents have a formal cyber security policy in place.
2. 57% of participating organisations have experienced a phishing attack, and another 36% have fallen victim to a malware incident.
3. DDoS attacks affected one in five CISOs. Ransomware, surprisingly, dropped to only 17%, from 46% the year before.
4. Insider attacks remain the greatest security risk, cited by 27% of respondents, followed by e-mail viruses (14%) and the threat posed by uncontrolled portable devices (13%).
5. 48% of security decision-makers believe they could remediate a security breach ‘fairly quickly’.
6. Business-driven compliance and risk are the main drivers behind security spend.
7. Cyber risks have been promoted into the enterprise risk register by 58% of respondents.
8. The greatest barriers to additional security investment are lack of budget, uncertain ROI and lack of time.
9. Less than half of companies have a formal process to measure the effectiveness of security expenditure.
10. About a third of respondents (34%) said their organisation provides training on security threats to staff on a monthly basis; only 8% stated not at all.