Four in Five Organizations Were Compromised by a Successful Cyberattack Last Year,
With Nearly Half of Ransomware Victims Succumbing to Paying Ransoms


CyberEdge Group, the leading research and marketing firm serving the security industry’s top vendors, today announced the availability of its sixth annual Cyberthreat Defense Report (CDR). New this year, the report found that IT security’s greatest inhibitor to success is contending with too much security data. To address this challenge, 47 percent of respondents acknowledged their organization’s intent to acquire advanced security analytics solutions that incorporate machine learning (ML) technology within the next 12 months. Such investments help to mitigate the risks of advanced cyberthreats missed by traditional security defenses, aiding enterprise cyberthreat hunting endeavors.


With 1,200 IT security decision makers and practitioners participating from 17 countries, six continents, and 19 industries, CyberEdge’s CDR is the most comprehensive study of security professionals’ perceptions in the industry. This study provides a 360-degree view of cyberthreats, current defenses, and planned security investments by organizations of all sizes and across all industries.


Key Findings

The 2019 CDR yielded dozens of insights into the challenges IT security professionals faced in 2018 and the challenges they’ll likely continue to face for the rest of this year. Key findings include:


  • Hottest security technology for 2019. Advanced security analytics tops 2019’s most wanted list not only for the security management and operations category, but also for all technologies in this year’s report.
  • Machine learning garners confidence. More than 90 percent of IT security organizations have invested in ML and/or artificial intelligence (AI) technologies to combat advanced threats. More than 80 percent are already seeing a difference.
  • Attack success redux. The percentage of organizations affected by a successful cyberattack ticked up this year, from 77 percent to 78 percent, despite last year’s first-ever decline.
  • Caving in to ransomware. Organizations affected by successful ransomware attacks increased slightly from 55 percent to 56 percent. More concerning, the percentage of organizations that elected to pay ransoms rose considerably, from 39 percent to 45 percent, potentially fueling even more ransomware attacks in 2019.
  • Container security woes. For the second year, application containers edge mobile devices as IT security’s weakest link.
  • Web application firewalls rule the roost. For the second year, the web application firewall (WAF) claims the top spot as the most widely deployed app/data security technology.
  • Worsening skills shortage. IT security skills shortages continued to rise, with 84 percent of organizations experiencing this problem compared to 81 percent a year ago.
  • Security’s slice of the IT budget pie. On average, IT security consumes 12.5 percent of the overall IT budget. The average security budget is going up by 4.9 percent in 2019.


“Security analytics and machine learning could very well hit their stride in 2019,” said Steve Piper, CEO of CyberEdge Group. “We surveyed our research participants on their intended cyber investments across a broad range of security technologies. Respondents identified ‘advanced security analytics with machine learning’ as the most-wanted security technology for the coming year. This makes sense, given that ‘too much data to analyze’ surpassed ‘lack of skilled personnel’ as the greatest inhibitor to IT security’s success.”


“A decade after the transformative Aurora attack, you have to start wondering how long organizations can sustain such elevated investments in cybersecurity. Beanstalks don’t grow to the sky, right?” said Mike Rothman, president of Securosis. “Yet, the data tells another story. According to this year’s CDR report, the average security budget consumes 13 percent of the overall IT budget, up from 5 percent just two decades ago. And it continues to grow, with an average of 5 percent planned growth moving forward. Exacerbated by the critical shortage of qualified IT security personnel, there will be a continued focus on smart investment in technologies that make security more effective and efficient.”


About the Cyberthreat Defense Report

In November 2018, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant was employed by a commercial or government entity with a minimum of 500 employees. Participants stemmed from six geographic regions, as follows:


  • North America: United States and Canada
  • Europe: United Kingdom, Germany, France, Spain, and Italy
  • Asia Pacific: Australia, China, Singapore, and Japan
  • Middle East: Saudi Arabia and Turkey
  • Latin America: Brazil, Colombia, and Mexico
  • Africa: South Africa


The Cyberthreat Defense Report is designed to complement Verizon’s annual Data Breach Investigations Report, which evaluates the cyberthreat landscape and describes how threats are used to penetrate computer networks. This report assesses organizations’ security posture, gauges perceptions about cyberthreats, and ascertains future plans for improving security and reducing risk. It provides deep insights into how IT security professionals perceive cyberthreats and what they’re doing to defend against them.


The 2019 CDR is sponsored by several leading information security vendors, including:


  • Platinum sponsors: Code42, DXC Technology, Gigamon, and Imperva
  • Gold sponsors: Aqua Security, LookingGlass, Recorded Future, and StackRox
  • Silver sponsors: Arctic Wolf, Bandura, CTERA, DisruptOps, Edgeworx Solutions, and Illusive Networks


Report Available Now

The 2019 Cyberthreat Defense Report is available now through each of the above sponsors and by connecting to the CyberEdge Group website at


About CyberEdge Group

CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland with three-dozen consultants based across North America, CyberEdge boasts more than 125 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks against today’s complex cyberthreat landscape. For more information, visit


#          #          #


The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.