Latest survey results - January 2022

The latest International Cyber Benchmarks Index™, for January 2022, is 54.1, maintaining the upward trend.

Extent to which organization has been impacted by Log4j vulnerability

Three-quarters of organizations have been impacted by Log4j vulnerability to some extent.

Ways in which organization has been impacted by Log4j vulnerability

Organizations are most likely to have been impacted through their IT/Security teams having to work over the holidays to assess risk and make critical changes to protect infrastructure/data.

Whether organization has fielded attacks targeting the Log4j vulnerability

Three-fifths of organizations have fielded attacks targeting the Log4j vulnerability.

Whether feel regulatory agencies should take legal action against organizations that fail to patch the flaw

A very clear majority agree that regulatory bodies should take legal action against organizations that fail to patch the flaw.

Cyber threats ranked in order of level of concern

During November-December 2021, DDoS was the greatest concern followed by Ransomware and then System Compromise.

How threat of attack by various vectors has changed

During November-December 2021, Ransomware, DDoS and Targeted hacking were most likely to be perceived as increasing threats to organisations.

How organisations' ability to respond to threats has changed

During November-December 2021, organisations have focused most on increasing their ability to respond to Vendor or customer impersonation, Targeted hacking and Ransomware.

How the risk of attack from various actors has changed

During November-December 2021, organisations have perceived the most likely increase in threats to be from Criminals and Unknown actors.

How threat landscape has changed

During November-December 2021, organisations have continued to perceive the threat landscape to be increasing most from the World at large and least from within their own company.

Whether respondents have ever been on the receiving end of a DDoS

84% of enterprises surveyed in January 2022 indicated that they have been on the receiving end of a DDoS attack at some time, up 2% on the previous reporting period*.

* Note that the sample composition changes from wave to wave which explains why the trend for this question can be down as well as up.

Whether survey respondents outsource DDoS mitigation

57% of enterprises surveyed in January 2022 outsource their DDoS mitigation, in line with the previous reporting period.

Length of time taken to initiate DDoS mitigation

In January 2022, enterprises were most likely to take between 60 seconds and 5 minutes to initiate DDoS mitigation, in line with previous reporting periods.