The 2019 ITWeb/VMWare Security Survey was conducted are on ITWeb during March and April and was completed by 122 respondents.

75% of those are cyber security decision makers – 32% are C-level executive, while a further 43% are at mid-management level.

Below are some key findings:

1. 1. Nearly 70% of respondents have a formal cyber security policy in place.

2. 57% of participating organisations have experienced a phishing attack, and another 36% have fallen victim to a malware incident.

3. DDoS attacks affected one in five CISOs. Ransomware, surprisingly, dropped to only 17%, from 46% the year before.

4. Insider attacks remain the greatest security risk, cited by 27% of respondents, followed by e-mail viruses (14%) and threat posed by uncontrolled portable devices (13%).

5. 48% of security decision-makers believe they could remediate a security breach ‘fairly quickly’.

6. Business-driven compliance and risk are the main drivers behind security spend.

7. Cyber risks have been promoted into the enterprise risk register by 58% of respondents.

8. The greatest barrier to additional security investments are lack of budget, uncertain ROI and lack of time.

9. Less than half of companies have a formal process to measure the effectiveness of security expenditure.

10. About a third of respondents (34%) said their organisation provides training on security threats to staff on a monthly basis; only 8% stated not at all.