The report finds that confidence in cybersecurity programs continues to remain steadfast despite the challenges brought on by COVID-19. Twenty-four percent of respondents gave their program an “A” rating, a decrease from the 30 percent rating in 2019. However, this was offset by increases to both grade “B” and “C” categories. The “D” grades stayed the same and grade “F” was reduced to zero.
Security breaches among those surveyed remained essentially unchanged from last year’s report at 16 percent. Given that nearly 60 percent of organizations detected a moderate to a dramatic increase in cyber attacks during and following the pandemic, it points to a rise in the overall breach prevention success rate. The report also provides insights into how successful organizations were able to adapt to the changing threat landscape.
“The global pandemic put the confidence of security teams in their programs to the test. Organizations faced concurrent challenges in managing the sudden, large-scale shift to remote work and the increase in COVID-related cyberattacks. Reports from previous years have shown organizations making gains in their security posture, and this was reflected in the responses of those able to rise and meet the challenges of COVID-19,” said Tim Heming, Security Evangelist. Added Helming, “This was a wakeup call for many, as almost a quarter of organizations plan to increase their security budgets as a result of COVID-19 to better prepare themselves for the future. Unfortunately, fifteen percent of organizations plan to cut budgets. While budget constraints are understandable, these cuts may well add to the stress already present.”
More than 520 security professionals from companies ranging in size, industry, and geography were surveyed about their security posture. They were asked to grade the overall health of their programs and give insights into their experiences navigating the COVID-19 pandemic. Almost 60 percent of respondents are on the cyber frontlines as security researchers, analysts, or threat hunters. Prominent findings include:
The report also looked at the most common threat vectors that organizations detect. Spearphishing (85 percent), malware (46 percent), and business email compromise (38 percent) are the three most predominant forms of attack, with spearfishing taking the lead, up 24 percent, and malware down 28 percent from last year.