During the month of November 2018, Spiceworks conducted an online survey among IT pros in the US and UK to gather insights to better understand current market practices related to endpoint security and assess
reasons why some organizations are not entirely secure.
We surveyed IT decision-makers with cybersecurity solution purchasing power at organizations with 500 to
5,000 employees and endpoints (desktops, laptops, and servers). The survey found that security decision makers in the majority of the sampled organizations feature a dissonance between the acknowledgement of what it takes to have a strong security posture, and the ability to maintain such posture in practice.
Despite more than half of them deploying one or more advanced security products (beyond AV and firewall) and utilizing MSSPs or MDR, only few describe their cyber defense as completely adequate, and most of them have experienced at least one significant breach in the course of the last twelve months. Security budget restraints appear to be the most likely root cause.
Key Insights Into Enterprise Security
Security budget is disproportionately lower than in large enterprises – The typical security budget for IT pros ranges from $50k to $250k which makes up less than 20% of the overall IT budget. Comparing these numbers to the average security spent in large enterprises is alarming: According to SANS, the average large enterprise spent between $10-$50M in fiscal year 2016.
Security decision makers understand that cybersecurity entails more than AV/firewall The vast majority of security decision makers acknowledge that basic AV/firewall is not enough to protect their environments and thus deploy at least one advanced security product with more than half engaging MSSP/MDR to augment their security posture. Nearly half reported they need incremental controls to better secure their infrastructure.
Significant Security Incidents are Common Reality
The majority of respondents reported at least one significant security event with tangible business impact the last twelve months, despite investments in both advanced security products that go beyond the basic AV/firewall suite and various engagement levels with MSSP.
Most Security Decision Makers Don’t Feel Completely Secured
Only a small portion of the respondents described their cyber defense as ‘completely adequate.’ In other words, most feel that there is a missing link in their security stack that’s not addressed by the deployed products and services.
Additionally, most respondents acknowledge the critical role of both proactive IT hygiene
(vulnerability assessment, etc.) and mature incident response capabilities, but don’t deploy the
respective tools out of budget constraints.
Cybersecurity is a CEO/BOD Issue Even in Mid-sized Companies
Security stakeholders within most companies meet on a regular basis with either the CEO or BOD to report and discuss the organization’s cybersecurity posture and future steps, indicating that cyberthreats are indeed perceived as a company issue and are not confined to the security team. Most IT pros discuss cybersecurity with executives once a year or more frequently, which aligns with both internal and external security audits occurring one to two times per year.
One More Thing…
When looking at these results, we see that forming a robust security posture from the currently available products is by definition out of reach. They know what they need but it is not within their means.
All-in-One Capability, Simplicity, and Easy Deployment
The surveyed IT professionals were then posed with a scenario: Imagine a solution that would allow you to:
1. Have host, user, file and network security in one place
2. Operate it easily and gain full security potential within your existing resources
3. Advance towards fully automated threat discovery and mitigation
4. Easily deploy and maintain with fast time-to-value
This is a very high-level description of what Cynet provides. Without knowing the solution provider’s
name, 56% of the respondents were either very or extremely interested – mainly because the proposed solution
held the promise of putting breach protection within their reach.
To read the full insights, download the complimentary Industry Report.