The research also concluded to the most common types of attacks, which are:
- Malware/spyware (81%);
- Phishing (64%);
- External unsophisticated hackers (59%);
- Cyber criminals (57%).
Moreover, according to the survey, a company’s threat perception varied based on the firm’s cyber security awareness. Namely, those who give a lot of attention to cyber security focus more on “Hacktivists” (52%) and malicious insider threats (40%), while cyber security beginners spend more time focusing on external threats (42%), such as partners, vendors, and suppliers.
In addition, regarding cyber resiliency, or processes after a cyber incident, cyber security leaders invest more in cyber resilience in comparison to their beginner counterparts. In fact, cyber security leaders, invest more cyber security resilience, spending 18% of the cyber budget in recovery, with cyber security beginners spending 14%.
Th study also found some other key highlights, which are as follows:
- 91% of cybersecurity leaders feel their investment is enough to meet their needs;
- 33% of cybersecurity beginners view their investment as enough to meet their need;
- 73% of companies plan to use behaviour analytics as a cyber security tool over the next two year;
- 80% of companies have at least a small amount of cyber security insurance.
Commenting on the study, Anthony Dagostino, global head of cyber risk, Willis Towers Watson, mentioned:
Leaders in cybersecurity are devoting significant resources towards protecting IT and risk functions within their organisations against external threats, but employee processes and training as well as corporate culture play a more integral role than many realize.
You can see the full report in the PDF herebelow