The research also concluded to the most common types of attacks, which are:

  • Malware/spyware (81%);
  • Phishing (64%);
  • External unsophisticated hackers (59%);
  • Cyber criminals (57%).

Moreover, according to the survey, a company’s threat perception varied based on the firm’s cyber security awareness. Namely, those who give a lot of attention to cyber security focus more on “Hacktivists” (52%) and malicious insider threats (40%), while cyber security beginners spend more time focusing on external threats (42%), such as partners, vendors, and suppliers.


In addition, regarding cyber resiliency, or processes after a cyber incident, cyber security leaders invest more in cyber resilience in comparison to their beginner counterparts. In fact, cyber security leaders, invest more cyber security resilience, spending 18% of the cyber budget in recovery, with cyber security beginners spending 14%.

Th study also found some other key highlights, which are as follows:

  • 91% of cybersecurity leaders feel their investment is enough to meet their needs;
  • 33% of cybersecurity beginners view their investment as enough to meet their need;
  • 73% of companies plan to use behaviour analytics as a cyber security tool over the next two year;
  • 80% of companies have at least a small amount of cyber security insurance.

Commenting on the study, Anthony Dagostino, global head of cyber risk, Willis Towers Watson, mentioned:

Leaders in cybersecurity are devoting significant resources towards protecting IT and risk functions within their organisations against external threats, but employee processes and training as well as corporate culture play a more integral role than many realize.

You can see the full report in the PDF herebelow