RiskIQ has released the findings from its 2017 State of Enterprise Digital Defence Report, with the independent research carried out by IDG Connect.
Perhaps one of the most prominent concerns arising from the report is that digital transformation appears to be a double-edged sword: while it comes with many benefits, it also opens the door to cybercriminals, and the report reveals that many organisations are trying to walk before they can crawl.
According to respondents (465 IT information security decision makers in organisations with more than 1,000 employees in the US and UK), an average of 40 percent of organisations experienced five or more significant security incidents in the past 12 months.
Furthermore, 68 percent of respondents expressed no to modest confidence in their ability to manage digital threats. Similarly, 70 percent of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand, and ecosystem assessment.
Editorial director at IDG Connect, Martin Veitch, says that overall the report paints a bleak picture of organisations’ digital defence posture, with many enterprise security practitioners overwhelmed by the scale and tenacity of external digital threats and lacking confidence in their processes, systems, and tools.
"While the results were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organisations are protecting their businesses, customers, and brands, and fortifying digital transformation," says Veitch.
The majority of respondents are aware that some of their digital security measures are immature or ineffective, with only 31 percent expressing high confidence in the likelihood that their organisations can mitigate or prevent digital threats, despite all respondents increasing their near-term digital security spend.
More than half of respondents expect their near-term digital defence investment to increase by 15-25 percent or more. Encouragingly, almost half believe cyber threat intelligence is ‘very important’, while all respondents view cyber threat intelligence tools as being very important or somewhat important, especially in fortifying research and in reducing time to respond to external threats.
Some of the highlights from the research include:
- Malware, phishing, domain infringement, online scams, mobile app exposures, and brand abuse were cited as the most frequently reported incidents
- Big brands in banking, retail, and consumer goods had the highest prevalence of attacks
- Larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale
- Smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about
- Across industries, an average of 35 tools are employed to thwart web, social, and mobile threats
- Organisations outsource a third of digital threat management tasks to managed security service providers, and outsourcing will grow by nearly 13 percent CAGR over the next two years
“The independent research provides a useful litmus test for the level of exposure, controls, and investment regarding external web, social, and mobile threats among global industries,” says Scott Gordon, chief marketing officer at RiskIQ.
“The findings validate the need for enterprises to leverage cross-channel intelligence, automation, and resource optimisation as they build out digital defenses to reduce operational and reputational risk.”