270 IT Security experts took part in the recent KuppingerCole digital risk and security awareness study. The results of this study will be published in December 2014.
The results of the survey are not unexpected: 85.6% of the participants have seen an increase in the number of cyber security threats over the past 12 months. Analyzing the causes of this increase shows that there are three main reasons for this changing perception.
- 58.7% of the respondents indicated that there is more publicly available information about cyber-attacks, resulting in a change in the perception of the threats to their organizations.
- Another important factor affecting the perception of these threats is due to information exchanges between industry peers. 53.4% named this as one of the reasons for the change.
- However, only 40.9% indicated that analysis of risks and threats leads to a significant increase in threat awareness.
These numbers lead to the following conclusions: Digital Threats and Risks at last have become a topic that is now widely discussed and this is helping to increase awareness. Only 33.3% found that their own risk and threat analysis was able to substantiate the perceived threat into hard fact. While we do not expect that such analysis would lead to a decrease in threat awareness, it would allow organizations to better understand threats and risks and thus lead to better planning of their countermeasures. We strongly recommend investing in an ongoing risk and threat analysis process to help protect your organization.
The sources of attack which cause the most concern were also researched as part of this study. These results show that attack by organized crime leads for 46.6% of respondents, insiders follow for 29.4%, while nation-state were only a concern to 11.3%. At the other end, politically motivated attacks were only of concern for 8.6%, and others at 4.1% are rarely the biggest concerns. Note the question asked about the single biggest concern, therefore insider attacks are still most likely to be considered a severe threat in most organizations.
It is also interesting to look at some of the details. More than 50% of the respondents giving nation-state attacks as their biggest threat are involved in critical infrastructures, while more than 40% came to this conclusion because their intellectual property is a likely target of nation-state industrial espionage.
Overall, these survey results show that organizations are well aware of the digital security threats that they face.
To get the full details of the many aspects covered by this study go to www.kuppingercole.com/reports in December to download your copy of the full document.
This article has originally appeared in the KuppingerCole Analysts' View newsletter.