When you are looking to launch your products onto the market in a new country it is always wise to carry out some market research. When security vendor Cyren launched into the UK earlier this year they did their own market research (registration required). Cyren were formerly known as CommTouch and the new branding and research is helping to launch the new brand. Cleverly the research carried out was also output as a security report that delivered some interesting insights about businesses and cybersecurity in the UK.
Better research, better answers from Cyren
Why is this research different from so many others? It’s all about the methodology. Most surveys are driven through a web site with specific answers required to prepared questions. While Osterman Research, who carried out the survey, only had 102 respondents they used an interview process to complete the survey. This should have ensured a higher quality to the answers as respondents could be asked for clarification about their responses.
What isn’t clear from the report is how the results were analysed. The data is displayed as though the responses were delivered in a quantitative rather than qualitative manner which might limit the quality of the survey. However, it backs up what other similar surveys have found over the last few months which adds validity to the findings.
The survey was spread across companies with 100 to 5,000 employees and spread across multiple industries. The exact demographic breakdown was not available. However, the survey should provide a litmus test of the business perception around the security market at the moment. The research was carried out in February 2017.
The report findings
The report is split into four sections: an executive summary, security concerns of UK businesses, the landscape of web security solutions, security for the modern workforce and email security deployment.
It details how many security staff members there are in organisations for every 100 employees. In small companies the average is just over one and this reduces as organisations get larger. However, it isn’t clear in the small sample whether employees were dedicated to that task or not. The survey respondents were either security analysts or IT managers with knowledge of the organisations cybersecurity strategy.
The research found that security breaches are common. Smaller organisations (85%) are likely to have suffered at least one breach over the last twelve months. That figure drops to 75% for larger organisations.
The nature of the breaches varies. Virus and worms are the most common attack vector with smaller businesses suffering more than any other. 79% of small organisations (100-1,000 employees) suffered from a virus or worm in the last year. Phishing attacks are another major concern. They affected 53% of medium sized organisations (1,001-2,500 employees) and 48% of large organisations. Targeted attacks such as spear phishing occur more often to large organisations (42%) than any other.
Deeper demographics information might have been revealed more interesting facts. For example which industries saw targeted attacks as more of an issue. However, there is a lot of data already available from other security vendors on this.
Interestingly the highest concern of security specialists was a data breach and loss of confidential data. The problem here is the various vectors that gather that information. Targeted attacks, zero day exploits and ransomware are all seen as an equal threat (53%).
Pornography is the main focus of controlling web usage while Shadow IT is not. Within smaller organisations only 9% are worried by it. This may be more down to the sophistication of IT departments in smaller organisations. It is a shame that the research did not go a step further and identify the why’s. It may also have varied by industry.
What is clear from the research is that IT Managers are not confident about their ability stop cyber attacks. The effectiveness of solutions they have do not even match the concerns. Only 29% of respondents believe their solution protects against targeted and zero day attacks. The most effective is 51% for phishing attacks. This is good news for Cyren as it looks to market its cloud-based cyber security solutions onto the market.
Is mobile the weak link
Most organisations protect their employee laptops when working remotely. However less than 25% said they protect mobile devices. These are a weak link whether they are BYOD or company owned devices. As devices become more sophisticated there is an increasing number of threats to mobiles.
Endpoint protection is used for laptops almost exclusively but there are other web based solutions that are out there. The issue with end point protection is that it needs updating regularly to be relevant.
Who is responsible for email security
There were some interesting statistics around email and its protection. While 65% of respondents use a managed security service, 9% have not deployed additional email security. One wonders why! Generally, the larger the company the more comprehensive the security solution. There is an anomaly though with more mid-sized companies not having deployed additional services.
The problem with the statistics provided is that they do not look at the solutions holistically. The statistics cannot be taken to mean that mid-sized companies are more vulnerable than smaller ones as their completes security approach may be different.
This is a very interesting report to read for any IT Manager as they consider their current strategy. It provides a snapshot benchmark of what peers are concerned about and considering. For Cyren it provides them with an idea of which markets they need to target with comprehensive web-based security solutions. These include web, email and mobile security as well as several threat intelligence services.
Michael Osterman, Principal Analyst of Osterman Research commented: “There is a serious and growing cyber security problem for businesses of all sizes in the UK, considering that 75 percent report falling victim to a cyber-attack or even multiple attacks during the past year.
“Business IT decision makers need to take a fresh look at their security in order to combat the rising tide of ransomware, phishing, targeted attacks, data breaches and other threats.”
Whether companies have the budgets to invest in new solutions was not revealed in the report. It does, however, identifying where existing budgets should be spent. It also raises the question of whether moving to a cloud-based model is correct for the organisations.