The latest International Cyber Benchmarks Index™, for May 2020, is 35.3, maintaining the sharp upward trend.
Ease of altering WAF policies to guard against new attacks and percentage of attacks bypassing WAF in last 12 months
3 in 10 have found it difficult to alter WAF policies to guard against new web application attacks and as many as 4 in 10 say that 50% or more attacks have bypassed their WAF in the last 12 months.
Percentage of network requests labelled false positives by WAF in last 12 months and whether WAF is integrated into other security features
3 in 10 say that 50% of network requests have been labelled as false positive by their WAF in the last 12 months and over 4 in 10% do not have a WAF that is fully integrated into other security functions.
Cyber threats ranked in order of level of concern
During March-April 2020, System compromise and DDoS were the greatest concerns followed by Ransomware.
How threat of attack by various vectors has changed
During March-April 2020, Social engineering - email was most likely to be perceived as an increasing threat to organisations, followed by DDoS and Ransomware.
How organisations’ ability to respond to threats has changed
During March-April 2020, organisations have continued to focus most on increasing their ability to respond to Targeted hacking, Vendor or customer impersonation and Ransomware.
How the risk of attack from various actors has changed
During March-April 2020, organisations have perceived the most likely increase in threats to be from Criminals and Unknown actors.
How threat landscape has changed
During March-April 2020, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from within their own company.
Whether respondents have ever been on the receiving end of a DDoS
68% of enterprises surveyed in May 2020 indicated that they have been on the receiving end of a DDoS attack at some time, up 3% on the previous reporting period*.
* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.
Whether survey respondents outsource DDoS mitigation
53% of enterprises surveyed in May 2020 outsource their DDoS mitigation, in line with the previous reporting period.
Length of time taken to initiate DDoS mitigation
In May 2020, enterprises were most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation, in line with previous reporting periods.