KnowBe4 2019 Security Threats and Trends Report – October 2019
The yearly, independent KnowBe4 2019 Security Threats and Trends Survey polled 600 organizations worldwide in mid-2019 on the major security issues they will face in the next 12 to 18 months.
A majority of corporations – 86% – have proactively amplified security initiatives over the last year to combat the increase in cybersecurity attacks. Nearly nine out of 10 businesses – 89% – say they’re currently better equipped to deal with security threats than they were in 2018.
However, organizations still face significant challenges when it comes to their security initiatives. Three quarters, or 76%, of organizations say the biggest and most persistent security threat comes from “the enemy from within” – careless end users who regularly click on bad links, placing organizations at higher risk of falling victim to email phishing, ransomware, CEO fraud scams and various forms of malware. And 58% of organizations cite budgetary constraints as an ongoing challenge in upgrading security.
Of the 89% of respondents who say that their firms are more prepared to cope with security threats, 36% say they’re “much better equipped.” However, a 53% majority of those polled more cautiously characterize their companies as “somewhat more prepared” than they were 12 to 18 months ago, and added the caveat that “we need to do more to secure our environment.” Only a six percent minority believed that their firms were less prepared to deal with security issues in 2019 than they were at the same time a year ago.
KnowBe4’s latest survey results find that enterprises are well aware of the need to fortify security and safeguard data assets and intellectual property in light of various cybersecurity threats. These include but are not limited to: viruses and malware; sophisticated email phishing and CEO fraud scams (aka Business Email Compromise); social engineering; password attacks; denial of service attacks; data leaks; open ports on servers and routers; targeted attacks by hackers; corporate espionage; attacks at the network edge; lost and stolen devices; and lack of security on employer and employee-owned bring your own devices (BYOD).
A near unanimous 96% of organizations say that email phishing scams pose the biggest security risk, followed by 76% who identify end user carelessness and 70% of respondents who cite social engineering as the biggest security threats facing their firms over the next 12 months (see Exhibit 1). And in a nod to the growing sophistication of the organized hacking community, nearly half, or 46%, of respondents fear their organizations may fall victim to a targeted attack. This is an increase of 11 percentage points from the 35% of organizations that perceived targeted hacks as a danger in KnowBe4’s 2014 Security Threats and Trends Survey.
Among the other survey highlights:
- Despite the well-documented increase in cyber threats, 43% of KnowBe4 survey participants still don’t allocate a significant portion of their IT budgets towards security expenditures (see Exhibit 3). One-third or 30% of respondents don’t have a separate security budget and another 13% say the organization’s security budget is less than $25,000 annually.
- Only 14% of organizations say they’re concerned about insider attacks from internal employees.
- Half – 50% – of participating companies report their security and IT staff are overworked and 40% say their organizations will face a shortage of skilled security professionals within the next 12 months.
- An 82% majority of respondents say proactive security maintenance (e.g., installing upgrades and patches) is a top priority over the next 12 months. That was followed by 61% of organizations that cite the need to keep pace with the latest security threats and 61% that say updating and enforcing computer security policies is a major concern for their organization.
- Some 27% of respondents identify their organizations’ inability to identify, quickly respond to and shut down hacks over the next 12 months as a top challenge and source of concern.
- Only 18% of organizations calculate the hourly cost of downtime related to security hacks.
- A 53% majority allow employees to access the corporate network and data using BYOD. However, only 39% of organizations currently have a plan to respond if a BYOD device such as a laptop, tablet or smartphone is hacked, stolen or lost.
The KnowBe4 survey responses also underscore the importance of upgrading security and training internal security and IT administrators as well as end users. Hackers are continually upping their game. As Exhibit 1 below illustrates, organizations must contend with and defend their devices and networks against a wide array of security threats.
Exhibit 1. Organizations say phishing scams, end user carelessness and social engineering are top security threats
Source: KnowBe4 2019
The KnowBe4 2019 Security Threats and Trends Survey presents a comprehensive picture of organizations’ most pressing security issues and challenges over the next 12 to 18 months. It also offers actionable insights, via anecdotal essay comments and first-person interviews with C-level executives as well as IT and security administrators, as to how organizations intend to proactively defend their data assets from hackers going forward. To read the full report, see our blog entry here.