CyberEdge Group announced the availability of its eighth annual Cyberthreat Defense Report (CDR). The award-winning CDR has rapidly become the de facto standard for assessing organizations' security posture, for gauging perceptions of information technology (IT) security professionals, and for ascertaining current and planned investments in IT security infrastructure - across all industries and geographic regions.

Pandemic-fueled security challenges

IT security teams faced unprecedented challenges last year fueled by dramatically expanded work-from-home (WFH) programs, increased bring-your-own-device (BYOD) policy adoptions, and rising internal and third-party risks stemming from the COVID-19 pandemic. Fallout included:

• Record-setting successful attacks. 86% of organizations experienced a successful attack, up from 81% the prior year, the largest year-over-year increase in six years.
• Record-setting ransomware attacks. 69% of organizations were victimized by ransomware, up from 62% the prior year. 57% of victims paid a ransom. Of those who paid, 28% failed to recover their data.
• Record-setting personnel shortages. 87% of organizations are experiencing a shortfall in skilled IT security personnel, up from 85% the prior year. IT security architects and engineers are in highest demand.

Rise in cloud-based security solutions

The percentage of IT security applications and services delivered via the cloud jumped from 36% to 41% in just one year. This supports key findings from CyberEdge research published in October 2020, "The Impact of COVID-19 on Enterprise IT Security Teams," where we learned that three in four IT security professionals (75%) had increased their preference for cloud-based security solutions. In this study, we also learned that remote workforces increased by 114% and BYOD policy adoptions increased by 59% during the pandemic. So, it's no surprise that many IT security teams are shifting their security infrastructure investments from traditional, on-premises offerings to modern, cloud-based solutions.

"The challenges faced by IT security professionals throughout the pandemic have been overwhelming," says Steve Piper, founder and CEO of CyberEdge Group. "Within the last 12 months, security teams have had to provide connectivity for a remote workforce that has more than doubled while mitigating risks associated with unmanaged, employee-owned devices. It's no wonder we're witnessing record-setting data breaches, ransomware attacks, and internal and third-party security risks. This year, we dedicate our CDR to the hardworking men and women who have worked tirelessly to keep our networks safe under the most difficult of circumstances."

Additional key findings

The 2021 CDR yielded dozens of insights into the challenges IT security professionals faced last year and the challenges they'll likely continue to face for the rest of this year. Key findings include:

• Slowing security spending. The average security budget will grow in 2021, but at a slower rate than a year ago (from 5% to 4% growth). For the first time in CDR history, the percentage of organizations with rising security budgets has declined.
• Hottest security tech for 2021. Among the most sought-after security technologies in 2021 are next-generation firewalls (network security), deception technology (endpoint security), bot management (app and data security), threat intelligence platforms (security management and operations), and biometrics (identity and access management).
• Embracing emerging technologies. The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (75%), and security access service edge (SASE) (74%).
• This year's weakest links. Mobile devices, internet of things (IoT) devices, and industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices top this year's list of IT components most challenging to secure.
• Decryption woes. Nearly nine in 10 organizations (88%) face challenges with decrypting Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic for inspection by network security tools. Failing to inspect encrypted web traffic elevates risks of cyberattacks and potential data exfiltration.
• Training and specialty certifications in demand. Nearly all (99%) research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security topped the list of eight specialty certifications in highest demand.
• Integrating app and data security. "Simplified security monitoring" and "improved customer support experience" are cited as the top benefits achieved by integrating application and data security into the same platform.
• Underinvesting in human vigilance. "Low security awareness among employees" tops this year's list of IT security team inhibitors for successfully defending against attacks.
• Reaping the benefits of DevSecOps. 93% of responding organizations are already realizing the benefits of DevSecOps practices. "Increased speed of deploying application updates" is the most-notable benefit achieved.
  

The 2021 Cyberthreat Defense Report is available from all sponsors or by visiting the CyberEdge Group website at www.cyber-edge.com/cdr.