Milpitas, USA: Over 90 percent of organizations surveyed believe that the cyberthreat landscape will remain unchanged or worsen in 2020, according to FireEye‘s inaugural FireEye Cyber Trendscape report.
Majority (51%) of these organizations do not believe they are ready for or would respond well to a cyberattack or breach event.
Moreover, 29% organizations with cyberattack and breach response plans in place have not tested or updated them in the last 12 or more months, found the FireEye commissioned survey.
Kantar, an independent market research conducted this online survey on behalf of FireEye in July-August this year quizzing over 800 C-suit security leaders / CISOs spanning North America (US and Canada), Europe (France, Germany and the UK) and Asia (China, Japan and South Korea).
The study highlighted five cybersecurity focus areas within organizations:
• The cyberthreat landscape
• Top cybersecurity program initiatives and overall maturity
• Balancing the needs of business operations and ensuring resilience cyberthreats
• Supporting security operations
• Driving cybersecurity efficiency
To address concerns regarding the potential loss of sensitive data, customer impact, and business operation disruptions, the vast majority (76%) of organizations plan to increase their cybersecurity budget in 2020:
- Organizations most commonly expressed plans to bump cybersecurity spending by 1-9% over 2019 allocations
- The greatest number of US participants indicated budgetary increase plans of 10% or more (39%), followed by the UK (30%) and South Korea (22%)
- However, 25% of organizations in Japan and 24% in South Korea indicated plans to keep their security spend the same year over year
Participating organizations were remarkably consistent in their views and perspectives of cybersecurity. The following sheds light on some of the more differentiated global viewpoints.
Japan organizations to prioritize detection capabilities in 2020
Globally, organizations allocated their cybersecurity budgets into four main categories with the largest allocations going to the areas of prevention (42%) and detection (28%), followed by containment and remediation. However, Japan was the only country to break away from this order, expressing a greater emphasis on detection (40%) and then prevention (35%).
US organizations take the lead in fully transitioning to the cloud
Over 44% of global respondents expressed having transitioned some of their environment to the cloud, and that they were monitoring cautiously. Additionally, 35% had transitioned some of their environment with plans to continue, and 17% had completed a full cloud deployment. US organizations reported being furthest along in adopting a cloud-first approach with 37% having finished a complete cloud migration.
Germany and Japan participants express concerns regarding cloud security
Of the responding participants globally, 45% felt that the cloud was about as secure as on-premise, and a further 33% believed that the cloud was more secure. However, in both Germany and Japan, 24% of responding organizations perceived the cloud as being less secure – highlighting a disparity from the global average (18%).
France participants believe employee training to be a top protection measure
Globally, participants consistently identified the same solutions as having the most positive impact on their organization’s ability to prevent a cyberattack. Vulnerability management and security software took the lead (slightly above 16%). Employee training was the third (14%) followed by response plans and security hardware (both slightly above 12%).
When it came to cybersecurity investment areas with the greatest potential positive impact to an organization’s ability to prevent a cyberattack or breach, France participants were the only ones to identify employee training as their top priority, if they did not have constraints.
Further, research revealed that 1% of organizations surveyed in France do not have an employee cybersecurity training program in place, compared to the global average of slightly above 11%.
In contrast, 25% of organizations in Germany and 23% in Canada report not having employee cybersecurity training in place. These numbers are especially concerning considering that a cyberattack can often result from just one employee clicking on a single hyperlink.
“Our new FireEye Cyber Trendscape Report highlights the overall beliefs and perceptions of senior leaders regarding top cybersecurity priorities for 2020 and beyond, as well areas where they differ across the globe,” said Eric Ouellet, Global Security Strategist – FireEye.
“These critical data points will help organizations to bring focus and clarity to their cybersecurity programs, while helping to expand the dialogue with senior leadership and the board,” added Ouellet.