Virtualization Technology News and Information
One-Third of Ransomware Victims Pay Associated Ransoms, Finds '2017 Cyberthreat Defense Report'
CyberEdge Group, a premier research and marketing firm serving the security industry's top vendors, today announced immediate availability of its fourth-annual Cyberthreat Defense Report. New this year, the report found that 61 percent of responding organizations were compromised by ransomware in 2016, while the percentage of organizations affected by successful cyberattacks reaches an all-time high. Further, one in five respondents indicated dissatisfaction with Microsoft's available protections for securing Office 365 deployments, opening the door for third-party security solutions.

With 1,100 IT security decision makers and practitioners participating from 15 countries, six continents, and 19 industries, the CyberEdge's Cyberthreat Defense Report is the most comprehensive study of security professionals' perceptions in the industry. This study provides a 360-degree view of organizations' security threats, current defenses, and planned investments. Consistent with findings in CyberEdge's prior three annual reports, the 2017 report finds that network breaches are rising, under-trained employees pose the greatest security risk, and malware is more troubling than ever.

Key Findings

The 2017 Cyberthreat Defense Report yielded dozens of insights into the challenges faced by IT security professionals today. Key findings include:

  • Held hostage by ransomware. 61 percent of respondents indicated that their organization was victimized by ransomware last year. Of those affected, 33 percent paid the ransom and recovered their data, 54 percent refused to pay but successfully recovered their data anyway, and 13 percent refused to pay and subsequently lost their data.
  • Microsoft leaving the door open? One in five respondents is not satisfied with the protections Microsoft provides to secure Office 365 environments, leaving the door open for third-party security solutions.
  • Rising attacks are the new norm. The percentage of organizations affected by successful cyberattacks has risen for the third-consecutive year - from 62 percent in 2014, to 70 percent in 2015, to 76 percent in 2016, and now to 79 percent in 2017. Today, three in five believe a successful cyberattack in the coming year is more likely than not.
  • Now hiring. An astounding nine out of 10 respondents indicated their organization is suffering from the global shortage of skilled IT security personnel. 51 percent of respondents are leveraging external vendors and contractors to fill the void.
  • Cyber insurance reaches critical mass. Three-quarters of respondents rate their organization's level of cyber insurance investment as adequate. Less than nine percent of respondents expressed concern over insufficient coverage.
  • Network deception technology excites. Of 16 network security technologies depicted in the survey, honeypots / network deception technology (41 percent) is the one most sought after in the coming year, followed by next-generation firewalls (39 percent) and user and entity behavior analytics (38 percent).
  • Database and web application firewalls reign supreme. When asked which of 11 application and data-centric security technologies are currently deployed by their organizations, respondents ranked database firewalls and web application firewalls (WAFs) highest, each with a 65 percent adoption rate.
  • Underinvesting in the human firewall. When respondents were asked what's inhibiting them from securing their employers' networks, "low security awareness among employees" was the top response for the fourth-consecutive year, followed by "lack of skilled personnel" and "too much data to analyze."

"If the definition of insanity is doing the same thing repeatedly and expecting a different result, then perhaps, as an industry, we're going insane," said Steve Piper, CEO of CyberEdge Group. "Each year, we invest more in security, yet frequency and severity of data breaches rise. But why? I believe I can offer two partial explanations, inspired by this year's Cyberthreat Defense Report. First, for the fourth-consecutive year, respondents indicate that ‘low security awareness among employees' is the greatest inhibitor. OK, then invest more in training! And second, we consistently hear that most data breaches stem from exploiting old vulnerabilities. OK, then get patching! Investing in best-of-breed security defenses is always prudent, but to stop the bleeding, we've got to invest more in our human firewalls and reducing our network attack surfaces."

"The findings of CyberEdge's latest Cyberthreat Defense Report are consistent with what we're seeing in the industry," said Mike Rothman, president of Securosis. "There are more attacks, more sophisticated malware, and more complexity ahead relative to skyrocketing cloud usage, all making it more challenging to execute on a security program. This difficulty is compounded by the global security skills shortage and the ongoing inability for most employees to not click on links that compromise their devices. On the positive front, budgets continue to increase and security initiatives are very high profile, consistently getting board room visibility. So all in all, it's the best of times and the worst of times for security folks."

Report Available Now

The 2017 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at

Published Wednesday, March 08, 2017 9:27 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2017>