35 stats that matter to your Security Operations team

Jaikumar Vijayan Freelance writer
 

The COVID-19 pandemic and the resulting shift to a largely remote workforce resulted in new security challenges for many organizations in 2020.

In addition to dealing with a constantly changing threat environment, security groups had to suddenly find ways to address risks to the enterprise network and data posed by home-based workers. Remote connectivity and collaboration tools including VPNs and videoconferencing platforms suddenly became big targets for attackers, as did the cloud-based services and file-sharing platforms used by work-from-home employees.

Security groups had to find ways to deal with these new issues even as they struggled to address challenges related to ongoing cloud adoption and digital transformation initiatives. In many cases, organizations' security teams looking after cyber defenses were severely understaffed and unable to find the resources required to fulfill their mission. The trend drove growing interest in managed security services providers and cloud-hosted security services.

Here are the SecOps stats that your team should be tracking. 

Security operations centers 

96%: Organizations that use the cloud

The use of cloud services for security operations has become nearly ubiquitous. On average, 64.6% of IT security operations and services are now hosted in the cloud. Organizations in the technology, healthcare, and government sectors are leading the movement to cloud-hosted SOC services.

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus, TechBeacon's corporate parent)

84%: Believe their organizations would benefit from cloud-native SIEM

Interest in cloud-native security information and event management is high for several reasons. Two of them: 88% of organizations have challenges with their current SIEM platform, and 99% would like additional SIEM automation.

Source: 2020 State of SecOps and Automation (Dimensional Research for Sumo Logic)

71%: Use a security configuration management tool

More than seven in 10 organizations use an SCM tool for security operations; another 19% plan on acquiring one within 12 months. SIEM platforms, network traffic analysis products, and threat intelligence platforms are some other popular tools used in SOCs.

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus, TechBeacon's corporate parent)

56%: Large companies with 1,000+ daily security alerts 

The growing volume of threat alerts is overwhelming the ability of security operations teams in large organizations—those with 10,000 employees or more—to keep pace. Nearly all organizations (99%) reported that alert volume is creating problems for the IT security team, and 93% are unable to address all alerts the same day.

Source: 2020 State of SecOps and Automation (Dimensional Research for Sumo Logic)

90%: Use the MITRE ATT&CK framework

More organizations use MITRE's knowledge base of attacker tactics than any other framework. The most popular reasons for using it include the improved ability to detect advanced threats and perform gap analysis and the improved ability to remediate infected host systems.

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus)

92%: Agree automation is needed to deal with large alert volumes

More than nine in 10 security leaders view automation as critical to threat management. Yet only about two-thirds (65%) of organizations have partially automated alert processing, and 75% would require at least three additional information security analysts to address all alerts the same day.

Source: 2020 State of SecOps and Automation (Dimensional Research for Sumo Logic)

50%: Maintain a centralized information security team

Though DevOps teams are getting more control, the information security function continues to be highly centralized at about half of all organizations. At 43% of respondents' organizations, IT operations teams have a say in security decision making.

Source: AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud (sponsored by CloudPassage)

50%: Have a formal, dedicated threat intelligence team

One in two companies have a dedicated cyber-threat intelligence (CTI) team; at more than 25% of organizations, the CTI function is a shared responsibility across multiple threat groups. About 9% have a single person assigned to CTI.

Source: 2020 SANS Cyber Threat Intelligence (CTI) Survey (The SANS Institute)

54%: Draw CTI team members from the SOC

When organizations establish an in-house CTI, they most frequently tend to draw members from the SOC, followed by the incident response team (48%). Other popular groups contributing CTI expertise include the enterprise security group, the vulnerability management team, and the IT operations team.

Source: 2020 SANS Cyber Threat Intelligence (CTI) Survey (The SANS Institute)

The security impact of COVID-19 

45%: Have seen a sharp increase in cyber threats and security incidents

Increased threat volume was not the only security concern related to the pandemic. More than 40% of respondents reported increased risks from unmanaged devices belonging to remote users, 38% said incident investigation and remediation became harder, and 36% reported insufficient access to on-site security systems.

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus)

85%: Sacrificed security to quickly enable remote work

Nearly 90% of organizations implemented remote work capabilities for employees without addressing security issues first. Unsurprisingly, 25% reported a ransomware or other malware attack in the first three months of the pandemic.

Source: 2020 Cyber Threats Report (Netwrix)

54%: Can't adequately protect data 

More than half of all security leaders describe visibility as a major concern. Some 60% said they had identified new security gaps as a result of the shift to remote work.

Source: 2020 Cyber Threats Report (Netwrix)

58%: Say employees are ignoring cybersecurity guidelines and policies

Nearly six in 10 organizations are struggling with employee-related cyber threats in the months since the pandemic began. And 48% reported phishing attacks in the first three months of the pandemic.

Source: 2020 Cyber Threats Report (Netwrix)

85%: Concerned about VPN-related data breaches

Concerns about attackers exploiting VPN vulnerabilities increased 59% from pre-pandemic days. Concerns over data breaches tied to cloud configuration errors jumped 18 percentage points compared to before the pandemic.

Source: 2020 Cyber Threats Report (Netwrix)

Security spending

$125.2 billion: This year's cybersecurity-related spending 

This is what organizations will spend, worldwide, on hardware, software, and services and is around 6% more than what they spent in 2019. As the global economy recovers from COVID-19, cybersecurity spending too will surge, and it will top $174 billion in 2024.

Source: The State of Application Security 2020 (Forrester Research)

69%: Regulatory compliance is the primary spending driver 

Other factors in security spending include data breach reduction (59%), keeping pace with the evolving threat landscape (57%), maintaining brand reputation (43%), and breach investigation (40%).

Source: Spends and Trends: SANS 2020 IT Cybersecurity Spending Survey (The SANS Institute)

65%: Smaller companies that plan to buy more cybersecurity insurance 

Small and medium organizations are purchasing cyber insurance policies more aggressively than are large enterprises. While 65% of SMEs plan to spend more on insurance over the next two years, only 58% of large enterprises plan to do the same.

Source: The Economic Impact of Cyber Insurance (Cowbell Cyber)

35%: Smaller companies buying cyber insurance because it is a customer requirement

Regulations are another big driver. Some 30% of SMEs have cyber insurance because of regulations requiring restitution to victims of data breaches.

Source: The Economic Impact of Cyber Insurance (Cowbell Cyber)

Staffing and skills

57%: Think the current skills shortage is 'very bad' or 'serious'

Concerns over the deepening skills shortage are high at nearly six in 10 organizations. Two-thirds receive fewer than five applications for a new cybersecurity role, and filling a role can take more than six months.

Source: How to Minimize the Impact of the Cybersecurity Skills Shortage (Osterman Research for Trustwave)

87%: Have outsourced at least one security service 

Almost nine in 10 organizations use a managed security service provider for at least one security function. The most commonly outsourced security functions include monitoring/managing SIEM systems, vulnerability scanning, and log monitoring and analysis.

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus, TechBeacon's corporate parent)

93%: Would benefit from an increase in skilled staffing

Almost all organizations believe they can benefit from having additional staffing in key security functions. The areas that would benefit the most include attack detection and analysis (63%), incident response (57%), and security awareness training (57%).

Source: The State of Security Operations 2020 (a CyberEdge study sponsored by Micro Focus)

79%: Prefer cybersecurity hires with professional certifications

Nearly eight in 10 organizations place a high value on security certifications. Some 56% view a professional certification as a validation of cybersecurity awareness and knowledge; 52% said it increased their confidence in a new hire. And 40% believe a professional certification indicates an individual's ability to keep up with security changes.

Source: Cybersecurity skills shortage survey (Fortinet)

Cloud security

95%: Concerned about public cloud security

Worries over cloud security are increasing, not decreasing. In a survey of 426 cybersecurity professionals, 95% expressed moderate to high concern over the security of their data in the public cloud. Last year, that number was 91%.

Source: AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud (sponsored by CloudPassage)

44%: Say risk assessment and audit are the biggest cloud compliance challenges

Other top regulatory concerns include compliance monitoring (42%), vulnerability monitoring, and staying current with new regulations.

Source: AWS Cloud Security Report 2020 for Management: Managing the Rapid Shift to Cloud (sponsored by CloudPassage)

Data breaches and attacks

97%: Worry about an insider data breach over the next year

Concerns over insider threats are growing. Some 78% of IT security leaders believe that employees have put corporate data at risk accidentally over the past 12 months. Three-quarters think employees intentionally put corporate data at risk over the same time period.

Source: 2020 Global Insider Data Breach Survey (Egress Software Technologies)

70%: Data breaches caused by an external attacker

Despite a high level of concern over insider threats, external attackers were responsible for a majority of breaches (70%) last year. Organized criminal groups were behind 55% of breaches, and insiders accounted for 30% of them.

Source: 2020 Data Breach Investigations Report (Verizon)

45%: Breaches last year that featured hacking

Some 22% of breaches resulted from errors, 22% involved social attacks such as phishing, and malware was the causal factor in 17% of the attacks.

Source: 2020 Data Breach Investigations Report (Verizon)

25%: Attacks remediated by IBM that involved ransomware

Ransomware incidents continued to rise throughout 2020. Many attacks involved data theft and threats to leak data publicly if ransoms were not paid. In some incidents, ransom demands exceeded $40 million.

Source: IBM threat research

$3.86 million: Global average data breach cost 

The average cost of a data breach in 2020 declined slightly compared to the global average of $3.92 million in 2019. However, average data breach costs in the US were much higher, at $8.64 million. For healthcare companies in the US, the average breach cost was $7.13 million.

Source: Cost of Data Breach Report 2020 (Ponemon Institute for IBM)

280 days: How long it took to identify and contain a data breach

The average length of time it took for companies to detect a breach in 2020 was almost identical to last year's average of 279 days. However, security leaders at 76% of companies that have shifted to remote work expect the move will increase breach detection and mitigation times.

Source: Cost of Data Breach Report 2020 (Ponemon Institute for IBM)

46%: Took data with them to a new job in violation of policy

This is the number who reported that they or a colleague had engaged in this practice. And 26% admitted to sharing data riskily because they didn't have the right security tools.

Source: 2020 Global Insider Data Breach Survey (Egress Software Technologies)

Third-party risks

80%: Data breach that originated from a third party

Third-party breaches are becoming increasingly common, with eight in 10 organizations experiencing at least one such breach over the past year. These organizations reported an average of 2.7 third-party-related breaches.

Source: Third-party cyber risk management survey (Opinion Matters for BlueVoyant)

29%: Have no visibility over third-party cyber risks

Many organizations have no visibility into the risks posed by third parties. Just 22.5% monitor their entire supply chain, and 32% perform vendor risk assessments once every six months or less frequently.

Source: Third-party cyber risk management survey (Opinion Matters for BlueVoyant)

Application security

42%: External attacks as a result of a software bug

More than one-third (35%) said they were attacked via a vulnerable web application. The most common web application vulnerabilities continue to be SQL injection, cross-site scripting, and remote file inclusion.

Source: The State of Application Security, 2020 (Forrester Research)

32%: Implemented interactive app sec testing during development

Application security practices are continuing to take hold in the prerelease stage, but progress is slow. About 35% of organizations have implemented dynamic application security testing (DAST) in the development phase. Only 14% of organizations have fully implemented security into the software development lifecycle.

Source: The State of Application Security, 2020 (Forrester Research)

These statistics were culled from various reputable sources. Registration is required for several of the cited reports.
