A global survey of IT professionals and leaders at over 800 organizations reveals that more than a quarter of the organizations surveyed have reported being the target of a security-related incident in the last 12 months.
Of the organizations that have been targeted, 71.3% are subject to security compliance requirements such as HIPAA, PCI, SOX, GDPR, and ITAR/CMMC. The survey focuses on IT security measures within organizations, along with how these measures relate to the compliance requirements created by governing bodies.
While no strict causality exists between the rate of incidents and the presence of compliance requirements, one can conclude that organizations that operate in industries or territories with a higher incidence of cyber-attacks are more likely to be regulated by compliance requirements.
In fact, the survey found that 3 in 10 organizations (30.4%) that are required to conform to compliance requirements have reported being the target of an IT security-related incident in the last year, in comparison to 22.8% of those not required to follow compliance regulations.
The high incidence of IT security-related incidents among organizations that are subject to regulatory requirements may also explain why 70.5% of organizations find it necessary to invest in IT security beyond what is mandated by compliance standards.
Some key insights:
- Attacks via email account for 71% of all reported incidents
- 85.6% of organizations report ransomware as a significant security concern for the next 12 months
- Rate of IT security incidents grows with company size
- The majority of organizations (69.3%) use 4 to 8 IT security measures
- Spam filtration is the most commonly used security measure (84.4%)
- Only 28.4% of organizations say IT spend is driven by top security concerns ‘most’ or ‘all’ of the time
You can read a full breakdown from our valued vendor partner Hornetsecurity here...