Cyberthreat Defense Report 2020

The annual Cyberthreat Defense Report (CDR) collects and analyzes responses received from 1,200 IT security decision makers and practitioners, with the help of the world’s top cybersecurity firms, including PerimeterX. This year’s report represents 19 digitally connected industries and 17 countries.

Key findings include:

  • A record 81% of respondents’ networks were breached last year
  • A record 62% were comprised by ransomware and most paid the ransom
  • 13% of a typical enterprise IT budget is spent on security
  • Four in five security pros prefer products that feature ML and AI technology
  • Malware, spear-phishing, and ransomware cause the most headaches
  • ‘Detection of rogue insiders’ is rated as the most-challenging IT security function
  • ‘Lack of skilled personnel’ and ‘low security awareness’ are this year’s top inhibitors to IT security’s success
  • ‘Containerization / micro-virtualization’ is the most-wanted security technology for 2020


Deepak Patel, security evangelist with PerimeterX, commented on the report:

“While the report was completed and published before the full effect of COVID-19 could be assessed, the report nonetheless presents vital stats and insights into organizations’ posture and preparedness for cybersecurity .

Bad actors in cybersecurity continue to remain active in increased numbers. Over the past few years, the percentage of organizations affected by a cyberattack had plateaued. In 2019, it jumped to 80%. Organizations are now anticipating more attacks than ever, even with increased spending on security.

Another significant takeaway was that account takeover (ATO) or credential stuffing attacks rank within the top 5 cyberthreats across all verticals. This shows a disconnect with many organizations feeling confident about their security posture of websites and web applications. ATO attacks are business logic attacks and do not fall into the traditional definition of security threats that abuse communication protocols to gain access to user data. While companies are prioritizing the acquisition of web security technologies like API gateways, decision makers should also evaluate the business risk of all automated threats including ATO, carding and web scraping and new client-side threats like Magecart and digital skimming.

In 2020, preparedness for digital businesses is key. First and foremost, organizations must ensure that they have a knowledgeable staff of IT personnel. The inability to hire and retain cybersecurity talent remains a top concern for companies. To keep up with the increasing sophistication of cyberattacks across industries, the implementation of solutions based on machine learning and AI is necessary to proactively identify and mitigate new attack patterns and vectors. Organizations and their IT departments are gravitating in this direction, and as a result they will be better equipped to handle the dynamic nature of modern cyberthreats.”