Latest survey results – October 2017

The latest International Cyber Benchmarks Index™, for October 2017, is 9.4,
maintaining the upward trend.

Impact of recent notable cyber events

Almost three-quarters of participants said specific* recent notable cyber events have directly affected the way they protect their enterprise, an 8% increase on the previous reporting period.

Changes implemented as a result of recent notable cyber events

Steps taken to mitigate similar cyber events

Cyber threats ranked in order of level of concern

During August-September 2017, System compromise has taken over from Ransomware as the greatest concern followed by Financial theft just ahead of Ransomware.

How threat of attack by various vectors has changed

During August-September, Targeted hacking was most likely to be perceived as an increasing threat to organisations, followed by Generalized phishing, Ransomware and DDoS.

How organisations’ ability to respond to threats has changed

During August-September, organisations have focused most on increasing their ability to respond to Generalized phishing and Ransomware and DDoS.

How the risk of attack from various actors has changed

During August-September, organisations have continued to perceive the most likely increase in threats to be from Criminals and Unknown actors.

How threat landscape has changed

During August-September, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from within their Own company.

Whether respondents have ever been on the receiving end of a DDoS

39% of enterprises surveyed in October 2017 have *ever been on the receiving end of a DDoS, in line with previous reporting periods.

* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.

Whether survey respondents outsource DDoS mitigation

38% of enterprises surveyed in October 2017 outsource their DDoS mitigation, in line with previous reporting periods.

Length of time taken to initiate DDoS mitigation

In October 2017, enterprises continued to be most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation.