Independent Research Quantifies Growing Security Management Gap and Business Impact of External Web, Social, and Mobile Threats; Digital Transformation Emboldens Cyber Adversaries
August 23, 2017
68% of IT organizations have no to modest confidence to manage digital threats, despite a majority significantly increasing their near-term digital defense investments
SAN FRANCISCO – Aug. 23, 2017 – RiskIQ, the leader in digital threat management, today announced that it has published its 2017 State of Enterprise Digital Defense Report. Independent research for the report, which offers key insights into the current landscape of digital threats and the maturity of defenses to protect an organization’s digital presence, was conducted by IDG Connect. The findings quantify the security management gap and business impact of external web, social, and mobile threats. Survey respondents included 465 IT information security decision makers in organizations with more than 1,000 employees in the U.S. and U.K.
Businesses today are in the throes of digital transformation and accelerating their online presence to enrich products, deepen customer relationships, and boost their brand. Cyber adversaries have gone digital too, taking advantage of the digital ecosystem and user trust. Overall, the survey revealed a bleak outlook of organizations’ digital defense posture, with many enterprise security practitioners overwhelmed by the scale and tenacity of external digital threats and lacking confidence in their processes, systems, and tools. The results were not without glimmers of positivity, as organizations reported a substantive increase in buying tools and managed services. Comparative differences across regions and industries are also evident.
“While the results were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organizations are protecting their businesses, customers, and brands, and fortifying digital transformation,” said Martin Veitch, editorial director at IDG Connect.
IDG Connect and RiskIQ will share research findings in a webcast entitled “State of Digital Defense - The Specter and Spectrum of Mitigating External Threats,” on Sept. 26 at 8 a.m. PT / 11 a.m. ET / 4 p.m. GMT. The full report is available for download: The State of Enterprise Digital Defense: The Specter and Spectrum of Mitigating External Threats
The survey¹ found that business digital transformation and the external threat landscape have outpaced enterprise security capacity. According to respondents, an average of 40 percent of organizations experienced five or more significant security incidents in the past 12 months among the most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.
Although confidence in IT security management appears optimistic, overall survey findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful. 68 percent of respondents express no to modest confidence to manage digital threats. 70 percent of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand, and ecosystem assessment.
The majority of those surveyed are aware that some of their digital security measures are immature or ineffective, with only 31 percent expressing high confidence in the likelihood that their organizations can mitigate or prevent digital threats—despite all respondents increasing their near-term digital security spend. Over half of survey respondents expect their near-term digital defense investment to increase by 15 to 25 percent or higher.
Correspondingly, nearly half of respondents view cyber threat intelligence as ‘very important,’ and all respondents saw cyber threat intelligence tools as being very important or somewhat important—especially in fortifying research and in reducing time to respond to external threats. When asked about the value gained by integrating digital threat intelligence and management tools with other security control tools, firewalls, security event management and logging, risk assessment, systems management, and orchestration were regarded as benefiting the most.
- 68% cited no to modest confidence to manage digital threats
- Malware, phishing, domain infringement, online scams, mobile app exposures, and brand abuse were cited as the most frequently reported incidents
- Big brands in banking, retail, and consumer goods had the highest prevalence of attacks
- 70% cited no to modest confidence in reducing their digital attack surface
- 69% cited no to modest confidence to mitigate or prevent external digital threats
- Digital threat management appears more progressive among organizations in financial services, manufacturing, and consumer goods, as expressed by overall expenditure
- Larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale
- Smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about
- 24% of healthcare and pharmaceutical respondents felt little to no confidence in their ability to assess digital risk
- Across industries, an average of 35 tools are employed to thwart web, social, and mobile threats
- 44% of organizations plan to increase digital defense investment by 15-25%, and 14% will increase tool and service expenditure by more than 25%; both the U.S. and U.K. have similar spending expectations
- Organizations outsource a third of digital threat management tasks to managed security service providers, and outsourcing will grow by nearly 13% CAGR over the next two years
“We are pleased to sponsor the 2017 State of Enterprise Digital Defense Report. The independent research provides a useful litmus test for the level of exposure, controls, and investment regarding external web, social and mobile threats among global industries,” said Scott Gordon, chief marketing officer at RiskIQ. “The findings validate the need for enterprises to leverage cross-channel intelligence, automation, and resource optimization as they build out digital defenses to reduce operational and reputational risk.”
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.
¹ The State of Enterprise Digital Defense, 2017, by IDG Connect and RiskIQ, Inc.