The latest International Cyber Benchmarks Index™, for July 2017, is 7.4.
Based on the first two reporting periods, the index is trending upwards.
Impact of recent notable cyber events
Almost two-thirds of participants said specific* recent notable cyber events have directly affected the way they protect their enterprise, a 5% increase on the previous reporting period.
Cyber threats ranked in order of level of concern
During June-July 2017, Ransomware has continued to be of greatest concern followed by System compromise and then DDoS.
How threat of attack by various vectors has changed
During June-July 2017, Ransomware has continued most likely to be perceived as an increasing threat to organisations, followed by generalized phishing, DDoS and social engineering via email.
How organisations’ ability to respond to threats has changed
During June-July 2017, organisations have focused most on increasing their ability to respond to Ransomware and DDoS with the former becoming more of a focus since the May survey.
How the risk of attack from various actors has changed
During June-July 2017, organisations have continued to perceive the most likely increase in threats to be from Criminals and Unknown actors.
How threat landscape has changed
During June-July 2017, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from within their Own company.
Whether respondents have ever been on the receiving end of a DDoS
38% of enterprises surveyed in July 2017 have *ever been on the receiving end of a DDoS, down slightly on the previous reporting period.
* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.
Whether survey respondents outsource DDoS mitigation
38% of enterprises surveyed in July 2017 outsource their DDoS mitigation, down by 4% on the previous reporting period.
Length of time taken to initiate DDoS mitigation
In July 2017, enterprises continued to be most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation.