FireEye Research Reveals 51% of Organizations Don’t Believe They are Ready for or Would Respond Well to a Cyber Attack or Breach
Inaugural FireEye Cyber Trendscape Report provides direct insights to help organizations benchmark their cyber security initiatives
MILPITAS, Calif., Nov. 4, 2019 – FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today released its inaugural FireEye Cyber Trendscape Report. FireEye surveyed over 800 CISOs and other senior executives across North America, Europe, and Asia to uncover attitudes towards some of cyber security’s most prevalent topics. Further, this global snapshot offers context that can aid critical planning discussions with key stakeholders.
“Our new FireEye Cyber Trendscape Report highlights the overall beliefs and perceptions of senior leaders regarding top cyber security priorities for 2020 and beyond, as well areas where they differ across the globe,” said Eric Ouellet, Global Security Strategist at FireEye. “These critical data points will help organizations to bring focus and clarity to their cyber security programs, while helping to expand the dialogue with senior leadership and the board.”
Vast majority of organizations to increase cyber security
With the perpetually shifting threat landscape, most of the organizations surveyed (over 90%) believe that the cyber threat landscape will stay the same or worsen in 2020. Further, the majority (51%) of organizations do not believe they are ready for or would respond well to a cyber attack or breach event. Moreover, 29% of organizations with cyber attack and breach response plans in place have not tested or updated them in the last 12 or more months.
To address concerns regarding the potential loss of sensitive data, customer impact, and business operation disruptions, the vast majority (76%) of organizations plan to increase their cyber security budget in 2020:
- Organizations most commonly expressed plans to bump cyber security spending by 1-9% over 2019 allocations
- The greatest number of U.S. participants indicated budgetary increase plans of 10% or more (39%), followed by the UK (30%) and South Korea (22%)
- However, 25% of organizations in Japan and 24% in South Korea indicated plans to keep their security spend the same year over year
Participating organizations were remarkably consistent in their views and perspectives of cyber security. The following sheds light on some of the more differentiated global viewpoints.
Japan organizations to prioritize detection capabilities in 2020Globally, organizations allocated their cyber security budgets into four main categories with the largest allocations going to the areas of prevention (42%) and detection (28%), followed by containment and remediation. However, Japan was the only country to break away from this order, expressing a greater emphasis on detection (40%) and then prevention (35%).
U.S. organizations take the lead in fully transitioning to the
Over 44% of global respondents expressed having transitioned some of their environment to the cloud, and that they were monitoring cautiously. Additionally, 35% had transitioned some of their environment with plans to continue, and 17% had completed a full cloud deployment. U.S. organizations reported being furthest along in adopting a cloud-first approach with 37% having finished a complete cloud migration.
Germany and Japan participants express concerns regarding cloud
Of the responding participants globally, 45% felt that the cloud was about as secure as on-premise, and a further 33% believed that the cloud was more secure. However, in both Germany and Japan, 24% of responding organizations perceived the cloud as being less secure – highlighting a disparity from the global average (18%).
France participants believe employee training to be a top
Globally, participants consistently identified the same solutions as having the most positive impact on their organization’s ability to prevent a cyber attack. Vulnerability management and security software took the lead (slightly above 16%). Employee training was the third (14%) followed by response plans and security hardware (both slightly above 12%).
When it came to cyber security investment areas with the greatest potential positive impact to an organization’s ability to prevent a cyber attack or breach, [France participants were the only ones to identify employee training as their top priority, if they did not have constraints. Further, research revealed that 1% of organizations surveyed in France do not have an employee cyber security training program in place, compared to the global average of slightly above 11%. In contrast, 25% of organizations in Germany and 23% in Canada report not having employee cyber security training in place. These numbers are especially concerning considering that a cyber attack can often result from just one employee clicking on a single hyperlink.
This research study was commissioned by FireEye and delivered by Kantar, an independent market research organization. Results were derived from an online survey fielded in July-August 2019 for a total of over 800 responses spanning across North America (US and Canada), Europe (France, Germany and the UK) and Asia (China, Japan and South Korea). Setup questions were used to ensure that only cyber security executives were in the sample, which was defined as those at the C-level or above, Vice President, or Senior Director level.
About FireEye, Inc
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber-attacks. FireEye has over 8,500 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.
© 2019 FireEye, Inc. All rights reserved. FireEye and Mandiant are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.