What are the key considerations security decision makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey to understand the common practices, prioritizations and preferences of organization today in protecting themselves from breaches.

Highlights from the survey findings (download the full survey report here):

  • Lack of consolidation is a protection inhibitor. Organizations who currently deploy advanced security products report that maintaining a multi-product security stack (especially in advanced security product group) are stated as both the main obstacle in reaching the desired protection.
    • Only 11% rated their consolidation level in their organization as high
    • 78% stated that their main obstacle is the Management, maintenance and operational overhead of the security products already deployed
    • 72% said that difficulties in managing the security products in place is the main reason for stopping new security projects in 2020
    • 77% said that a solution that they would prioritize investing in a solution that is capable of consolidating their required breach protection functionalities.

  • Most organizations are prioritizing advanced protection projects in 2020. The majority of organizations that currently deploy a basic security stack of AV, firewall and email protection, plan to add EDR/EPP, Network Traffic Analysis or SIEM and are planning to do so in 2020.
    • 91%, 89% and 73% of polled organizations deploy Firewall, AV and Email Protection respectively.
    • 63%, 58% and 57% plan to initiate in 2020 SIEM, Network Traffic Analysis and EDR/EPP projects respectively.


  • Advanced threat protection still involves a high volume of attended alerts. All organizations that deploy SIEM, EDR/EPP, Network Traffic Analysis, UEBA or Deception products state that over 25% percent of alerts are left unattended on a daily basis.
    • Only 12% of organizations reported that less than 20% of alerts are left unattended on a daily basis.
    • As much as 77% of organizations state that 20%-60% of alerts are left unattended due to the capacity limits of their security team.

  • Deployment is the Achilles heel of endpoint protection. Only a small portion of organizations reported on deploying EDR/EPP on more than 85% of their endpoints with no deployment or maintenance issues. Because in many cases, EPP/EDR is regarded as the main mean against advanced attacks, this is an alarming figure.
    • 78% of organizations don’t have endpoint protection on 15%-45% of their endpoints due to deployment issues.

To gain more actionable knowledge on current breach protection trends and practices download the complete results.