Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.
In a new report titled Cyber Security on the Offense: A Study of IT Security Experts the Ponemon Institute and Radware found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.
“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes in account countermeasures to prevent threats before they inflict significant damage.”
Key findings from the report include:
- Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.
- DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute - including lost traffic, diminished end-user productivity and lost revenues - it is no surprise that respondents ranked availability as their top cyber security priority.
- 63 percent rate their organization’s offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.
- Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more disturbing, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.
“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”
About the Survey
The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 US based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62 percent of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65 percent of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.
Hot Topic
The Latest
Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...
For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...
Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...
Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...
For years, DevOps teams operated under a simple assumption: collect enough telemetry, and you can find and fix any problem. That assumption is breaking down. Modern enterprises now operate across microservices, hybrid cloud environments, APIs, Kubernetes, and highly automated delivery pipelines. Releases happen continuously, dependencies shift constantly, and failures spread faster than teams can diagnose them ...
New Relic surveyed IT and engineering leaders from the media and entertainment (M&E) sector to understand what's working — and where challenges persist with their observability practices. The findings reveal how M&E organizations are navigating rising platform complexity, audience expectations, and AI-driven change. Below are five takeaways that stand out ...
Let me start with something I've seen play out more times than I can count. A team hits a wall with the cloud. Costs creep up, then spike. Performance starts to feel inconsistent. Someone in finance asks a simple question like "why did this double?" and nobody has a clean answer ... Maybe this isn't the right place for everything. That realization feels like a breakthrough, like you've identified the problem. In reality, you've just identified the starting line ...
In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ...
In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...
When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...