A recent online survey has shed light on organizational attitudes towards cyber security initiatives and the differences across geographical regions.

In a survey of over 800 CISOs and other senior executives across North America, Europe, and Asia to uncover attitudes towards some of cyber security’s most prevalent topics, most of the responding organizations (over 90%) believe that the cyber threat landscape will stay the same or worsen in 2020.

Further, the majority (51%) of organizations do not believe they are ready for or would respond well to a cyber attack or breach event. Moreover, 29% of organizations with cyber attack and breach response plans in place have not tested or updated them in the last 12 or more months.

The inaugural survey, commissioned by security company FireEye and conducted by Kantar, an independent market research organization, involved an online survey fielded in July-August 2019 for a total of over 800 responses spanning across North America (US and Canada), Europe (France, Germany and the UK) and Asia (China, Japan and South Korea). Setup questions were used to ensure that only cyber security executives were in the sample, which was defined as those at the C-level or above, Vice President, or Senior Director level.

Said Eric Ouellet, Global Security Strategist at FireEye: “Our new FireEye Cyber Trendscape Report highlights the overall beliefs and perceptions of senior leaders regarding top cyber security priorities for 2020 and beyond, as well areas where they differ across the globe. These critical data points will help organizations to bring focus and clarity to their cyber security programs, while helping to expand the dialogue with senior leadership and the board.”

Vast majority of organizations to increase cyber security budgets

To address concerns regarding the potential loss of sensitive data, customer impact, and business operation disruptions, the vast majority (76%) of organizations plan to increase their cyber security budget in 2020:

  • Organizations most commonly expressed plans to bump cyber security spending by 1-9% over 2019 allocations
  • The greatest number of U.S. participants indicated budgetary increase plans of 10% or more (39%), followed by the UK (30%) and South Korea (22%)
  • However, 25% of organizations in Japan and 24% in South Korea indicated plans to keep their security spend the same year over year

Participating organizations were remarkably consistent in their views and perspectives of cyber security. The following sheds light on some of the more differentiated global viewpoints.

Japan organizations to prioritize detection capabilities in 2020

Globally, organizations allocated their cyber security budgets into four main categories with the largest allocations going to the areas of prevention (42%) and detection (28%), followed by containment and remediation. However, Japan was the only country to break away from this order, expressing a greater emphasis on detection (40%) and then prevention (35%).

U.S. organizations take the lead in fully transitioning to the cloud

Over 44% of global respondents expressed having transitioned some of their environment to the cloud, and that they were monitoring cautiously. Additionally, 35% had transitioned some of their environment with plans to continue, and 17% had completed a full cloud deployment. U.S. organizations reported being furthest along in adopting a cloud-first approach with 37% having finished a complete cloud migration.

Germany and Japan participants express concerns regarding cloud security

Of the responding participants globally, 45% felt that the cloud was about as secure as on-premise, and a further 33% believed that the cloud was more secure. However, in both Germany and Japan, 24% of responding organizations perceived the cloud as being less secure—highlighting a disparity from the global average (18%).

France participants believe employee training to be a top protection measure

Globally, participants consistently identified the same solutions as having the most positive impact on their organization’s ability to prevent a cyber attack. Vulnerability management and security software took the lead (slightly above 16%). Employee training was the third (14%) followed by response plans and security hardware (both slightly above 12%).

When it came to cyber security investment areas with the greatest potential positive impact to an organization’s ability to prevent a cyber attack or breach, France respondents were the only ones to identify employee training as their top priority, if they did not have constraints.

Further, research revealed that 1% of organizations surveyed in France do not have an employee cyber security training program in place, compared to the global average of slightly above 11%. In contrast, 25% of organizations in Germany and 23% in Canada report not having employee cyber security training in place. These numbers are especially worrying considering that a cyber attack can often result from just one employee clicking on a single hyperlink.