Neustar Logo

INTERNATIONAL CYBER BENCHMARKS INDEX TM

Latest Survey results - November 2022

The latest International Cyber Benchmarks Index™, for November 2022, is 59.5, maintaining the upward trend.

Whether organizations have enough budget to meet cybersecurity needs

Only half (49%) of organizations have enough budget to fully meet their cybersecurity needs today, while 1 in 9 (11%) can, at best, only protect their most critical assets.

2023 cybersecurity budgets and potential exposure of business to risk

A third (35%) of organizations will see their 2023 cybersecurity budget remain the same or decrease and 44% of these believe this will leave their business more exposed and at risk to some degree.

Biggest risks to IT security posture

The biggest current risks to IT security posture are ‘increased sophistication of attacks’ and ‘increased activity of attackers’. ‘Budget constraints’ also feed into this concern.

Whether hybrid working has increased reliance on third-party providers and left organizations more exposed

The majority (85%) believe hybrid working has increased reliance on third-party providers for outsourcing staff and resources, and a majority (78%) believe this has left their organization more exposed.

Whether current cybersecurity strategy is adequate to address emerging threats

Only a third (34%) believe their current cybersecurity strategy is very adequate with the majority (60%) considering it to be somewhat adequate.

Levels of agreement with statements concerning cybersecurity policies, C-suite decision-makers and budgeting

Whilst there is agreement that C-suite decision-makers understand the importance of defending against security threats, the majority (69%) are concerned about current budget constraints and their impact.

With increased integration with third-party providers, how is/are organization/customers exposed

During September-October 2022, DDoS was the greatest concern followed by System Compromise and then Ransomware.

How threat of attack by various vectors has changed

During September-October 2022, Ransomware, Generalized phishing and DDoS were most likely to be perceived as increasing threats to organisations.

How organisations' ability to respond to threats has changed

During September-October 2022, organisations have focused most on increasing their ability to respond to DDoS, Vendor or customer impersonation and Targeted hacking.

How the risk of attack from various actors has changed

During September-October 2022, organisations have perceived the most likely increase in threats to be from Criminals and Unknown actors.

How threat landscape has changed

During September-October 2022, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from EMEA.

Whether respondents have ever been on the receiving end of a DDoS

87% of enterprises surveyed in November 2022 indicated that they have been on the receiving end of a DDoS attack at some time, a 1% increase on the previous reporting period*.

* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.

Whether survey respondents outsource DDoS mitigation

57% of enterprises surveyed in November 2022 outsource their DDoS mitigation, a 1% increase on the previous reporting period.

Length of time taken to initiate DDoS mitigation

In November 2022, enterprises were most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation, in line with previous reporting periods.