The latest International Cyber Benchmarks Index™, for March 2019, is 21.5, maintaining the upward trend.
Impact of cyber attacks
The vast majority of participants agreed that a Web Application Firewall (WAF) is an essential component of their security infrastructure. This increases the 11 months survey average by one point.
Whether using / willing to use tactics to identify attackers
One in five companies are already using forensic investigations / sophisticated methods to identify their attackers and only a minority rule out adopting these types of tactics in future.
Cyber threats ranked in order of level of concern
During January-February 2019, DDoS was again the greatest concern followed closely by System compromise and then Intellectual property.
How threat of attack by various vectors has changed
During January-February 2019, Generalized phishing was most likely to be perceived as an increasing threat to organisations, followed by Targeted hacking and DDoS.
How organisations’ ability to respond to threats has changed
During January-February 2019, organisations have again focused most on increasing their ability to respond to Ransomware and DDoS.
How the risk of attack from various actors has changed
During January-February 2019, organisations have perceived the most likely increase in threats to be from Criminals and Unknown actors.
How threat landscape has changed
During January-February 2019, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from within their own company.
Whether respondents have ever been on the receiving end of a DDoS
51% of enterprises surveyed in March 2019 indicated that they have been on the receiving end of a DDoS attack at some time, a higher proportion than in previous reporting periods*.
* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.
Whether survey respondents outsource DDoS mitigation
51% of enterprises surveyed in March 2019 outsource their DDoS mitigation, slightly more than the previous reporting period.
Length of time taken to initiate DDoS mitigation
In March 2019, enterprises were most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation, in line with previous reporting periods.