The survey

The survey mainly consists of a short series of questions, focusing on the issues related to cyber security, tracked over time. Additionally, a current topic of interest is introduced each survey to get a fresh perspective.

The tracked questions used for the index this period:

1. Impact of cyber attacks

Companies nowadays face ever present application level threats via Botnets such as Mirai or the more recent Satori. Do you agree that a Web Application Firewall (WAF) is an essential component of your security infrastructure? Yes / No

2. Most threatening cyber threats

In the past two months (since 1 July 2020), which of these cyber threats have been of most concern to you? Please rank from 1 as the highest threat to 6 as the lowest.

Ransomware; System Compromise; DDoS; Insider threat; Intellectual property; Financial theft

3. Whether level of threat has changed

In the past two months (since 1 July 2020), how has the threat of attack to your organization by the following vectors changed? Increased / Stayed the same / Decreased

Generalized phishing; Spear phishing; IP address hijacking; DNS compromise; DDoS; Social engineering – email; Social engineering – phone; Social engineering – text; Extortion; Targeted hacking; Supply chain compromise – physical; Supply chain compromise – cyber; Vendor or customer impersonation; Ransomware

4. Ability to respond to threats

In the past two months (since 1 July 2020), how has your ability to respond to these threats changed? Increased / Stayed the same / Decreased

Generalized phishing; Spear phishing; IP address hijacking; DNS compromise; DDoS; Social engineering – email; Social engineering – phone; Social engineering – text; Extortion; Targeted hacking; Supply chain compromise – physical; Supply chain compromise – cyber; Vendor or customer impersonation; Ransomware

5. Whether level of attack has changed

In the past two months (since 1 July 2020), how has the risk of attacks from the following actors changed? Increased / Stayed the same / Decreased

Competitors; Social activists; Nation/state actors; Criminals; Insiders; Unknown

6. Whether threat landscape has changed for enterprise

In the past two months (since 1 July 2020), do you think the threat landscape as it relates to your enterprise for each area shown below has increased, remained the same, or decreased?

The world at large; EMEA; Your country; Your industry; Your company/organization

7a. Whether impacted by DDoS
Has your enterprise ever been on the receiving end of a DDoS? Yes / No

8a. Whether DDoS mitigation outsourced
Does your enterprise outsource your DDoS mitigation? Yes / No

8b. Speed of initiating DDoS mitigation
How long does it take before your enterprise is able to initiate DDoS mitigation? Within 60 seconds / Between 60 seconds and 5 minutes / Longer than 5 minutes

Questions of the month

Q1a. Which of these options best describes your organization’s relationship with security threat data?

The threat data we receive is timely and actionable, helping us to make key security decisions; The threat data we receive is timely but not actionable; The threat data we receive is actionable but not timely; The threat data we receive is neither actionable nor timely enough to help guide key security decisions

Q1b. By the time you receive threat data, how accurate and relevant do you think it is to the threats your organization is facing at that moment?

Extremely accurate and relevant, Mostly accurate and relevant, Somewhat accurate and relevant, Rarely accurate and relevant

Q1c. How fresh is the threat data that your organization bases key security decisions upon?

Our threat data is near real-time; We receive updates hourly; We receive updates several times a day; We receive updates within 24 hours; We only receive sporadic updates, and it usually takes several days

Q1d. Within the past 12 months, has your organization been the victim of a successful domain spoofing attempt?

Yes, No

Q1e. Within the past 12 months, has your organization been the victim of a successful domain hacking attempt?

Yes, No