Despite a majority of organisations significantly increasing their near-term digital defence investments
RiskIQ, the leader in digital threat management, today announced that it has published its 2017 State of Enterprise Digital Defence Report. The report, based on a survey of 465 information security decision makers in the US and UK, found that business digital transformation and the external threat landscape have outpaced enterprise security capacity.
According to respondents, an average of 40 per cent of organisations experienced five or more significant security incidents in the past 12 months among most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.
Although confidence in IT security management appears optimistic, overall survey findings showed a contradiction in efficacy and likely investment compared to where incidents have been most impactful. 68 per cent of respondents express no to modest confidence to manage digital threats. 70 per cent of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand, and ecosystem assessment.
The majority of those surveyed are aware that some of their digital security measures are immature or ineffective, with only 31 per cent expressing high confidence in the likelihood that their organisations can mitigate or prevent digital threats, despite all respondents increasing their near-term digital security spend. Over half of survey respondents expect their near-term digital defence investment to increase between 15 to 25 per cent or higher.
Correspondingly, nearly half of respondents view cyber threat intelligence as ‘very important,’ and all respondents saw cyber threat intelligence tools as being very important or somewhat important, especially in fortifying research and in reducing time to respond to external threats.
When asked about the value gained by integrating digital threat intelligence and management tools to other security control tools, firewalls, security event management and logging, risk assessment, systems management, and orchestration were regarded as benefiting the most.