Despite the increasing sophistication and severity of cyber attacks, a survey of more than 700 senior IT professionals reveals that organizations are surprisingly unarmed to deal with today’s threat landscape.
In a new report titled Cyber Security on the Offense: A Study of IT Security Experts the Ponemon Institute and Radware found that while 65 percent of organizations experienced an average of three distributed denial-of-service (DDoS) attacks in the past 12 months, less than half reported being vigilant in monitoring for attacks – much less putting into practice proactive and preventative measures to protect their organizations.
“The reality is that cyber threats are outpacing security professionals, leaving most organizations vulnerable and unprepared,” said Avi Chesla, chief technology officer, Radware. “From hacktivists to cyber criminals, companies live under the constant threat of assaults that contribute to lost revenue and serious reputational damage. It’s critical that organizations take immediate action after reading this report. IT managers have to advocate for a multi-layered approach that also takes in account countermeasures to prevent threats before they inflict significant damage.”
Key findings from the report include:
- Availability is the top cyber security priority for organizations today. Gone are the days where companies could solely concern themselves with data leakage and integrity based attacks. Unlike the past few years, where many organizations focused on confidentiality and integrity-based attacks, respondents noted a major shift in their security objectives, ranking denial-of-service (DoS) and DDoS as two of the top three threats their organizations face today.
- DDoS attacks cost companies 3.5 million dollars every year. Although respondents cited a lack of budget as one of the major impediments to shoring up cyber security, it’s clear that organizations will pay a much higher price for their lack of preparedness. 65 percent reported experiencing an average of three DDoS attacks in the past 12 months, with an average downtime of 54 minutes per attack. With the cost for each minute of downtime amounting to as much as $100,000 per minute - including lost traffic, diminished end-user productivity and lost revenues - it is no surprise that respondents ranked availability as their top cyber security priority.
- 63 percent rate their organization’s offensive countermeasure capabilities as below average. While 60 percent say they want technology that slows down or even halts an attacker’s computer, the majority of respondents give their organizations an average or below average rating when it comes to their ability to launch counter measures. With 75 percent of organizations still relying on anti-virus and anti-malware to protect themselves from attacks, it’s clear that the old adage, “the best defense is a good offense” is not being practiced by most firms.
- Organizations are more vulnerable than ever before. With respondents ranking lack of system visibility (34 percent), mobile/remote employees (32 percent) and negligent insiders (31 percent) as their top three areas of greatest cyber security risk, it’s clear that threats can come from a number of new sources including the Bring Your Own Device (BYOD) movement. Even more disturbing, today’s threats are multi-layered, targeting not only networks but the data and application levels as well.
“There is a frightening gap that exists between the increasing severity of cyber attacks and the level of preparedness that exists in the industry,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “The report’s findings make clear that now is the time for organizations to begin making critical changes to their security approaches in order to stave off the potentially devastating costs associated with a lack of preparedness and adequate defenses.”
About the Survey
The research for Cyber Security on the Offense: A Study of IT Security Experts was co-authored by the Ponemon Institute and Radware. The report surveyed 705 US based IT and IT security practitioners responsible for managing their organization’s cyber security activities. 62 percent of the respondents surveyed were at the supervisor level or higher with an average of more than 11 years of experience. 65 percent of respondents were from organizations with a global headcount of more than one thousand and the primary industry segments for the report included financial services and the public sector as well as healthcare and pharmaceuticals. The survey consisted of 35 questions on respondents’ perceptions of and experiences with their organization’s cyber security infrastructure and the types of threats they now face.
Hot Topic
The Latest
The gap is widening between what teams spend on observability tools and the value they receive amid surging data volumes and budget pressures, according to The Breaking Point for Observability Leaders, a report from Imply ...
Seamless shopping is a basic demand of today's boundaryless consumer — one with little patience for friction, limited tolerance for disconnected experiences and minimal hesitation in switching brands. Customers expect intuitive, highly personalized experiences and the ability to move effortlessly across physical and digital channels within the same journey. Failure to deliver can cost dearly ...
If your best engineers spend their days sorting tickets and resetting access, you are wasting talent. New global data shows that employees in the IT sector rank among the least motivated across industries. They're under a lot of pressure from many angles. Pressure to upskill and uncertainty around what agentic AI means for job security is creating anxiety. Meanwhile, these roles often function like an on-call job and require many repetitive tasks ...
In a 2026 survey conducted by Liquibase, the research found that 96.5% of organizations reported at least one AI or LLM interaction with their production databases, often through analytics and reporting, training pipelines, internal copilots, and AI generated SQL. Only a small fraction reported no interaction at all. That means the database is no longer a downstream system that AI "might" reach later. AI is already there ...
From Fragmented Systems to Intelligent Platforms: An ITIL+ Playbook for Enterprise IT Transformation
In many organizations, IT still operates as a reactive service provider. Systems are managed through fragmented tools, teams focus heavily on operational metrics, and business leaders often see IT as a necessary cost center rather than a strategic partner. Even well-run ITIL environments can struggle to bridge the gap between operational excellence and business impact. This is where the concept of ITIL+ comes in ...
UK IT leaders are reaching a critical inflection point in how they manage observability, according to research from LogicMonitor. As infrastructure complexity grows and AI adoption accelerates, fragmented monitoring environments are driving organizations to rethink their operational strategies and consolidate tools ...
For years, many infrastructure teams treated the edge as a deployment variation. It was seen as the same cloud model, only stretched outward: more devices, more gateways, more locations and a little more latency. That assumption is proving costly. The edge is not just another place to run workloads. It is a fundamentally different operating condition ...
AI can't fix broken data. CIOs who modernize revenue data governance unlock predictable growth-those who don't risk millions in failed AI investments. For decades, CIOs kept the lights on. Revenue was someone else's problem, owned by sales, led by the CRO, measured by finance. Those days are behind us ...
Over the past few years, organizations have made enormous strides in enabling remote and hybrid work. But the foundational technologies powering today's digital workplace were never designed for the volume, velocity, and complexity that is coming next. By 2026 and beyond, three forces — 5G, the metaverse, and edge AI — will fundamentally reshape how people connect, collaborate, and access enterprise resources ... The businesses that begin preparing now will gain a competitive head start. Those that wait will find themselves trying to secure environments that have already outgrown their architecture ...
Ask where enterprise AI is making its most decisive impact, and the answer might surprise you: not marketing, not finance, not customer experience. It's IT. Across three years of industry research conducted by Digitate, one constant holds true is that IT is both the testing ground and the proving ground for enterprise AI. Last year, that position only strengthened ...