As we wrap up another tumultuous year, here is a roundup of top cyber security statistics for 2019. Across the board, cybersecurity remains one of the most important priorities for any organization and has become a boardroom-level conversation on an unprecedented scale. However, cybersecurity professionals, who are on the frontlines of a perpetual and worsening battle to defend their organizations against the most advanced and evasive attacks, are left without the training and teammates they need to be successful.
Here are some of the top 2019 cyber security statistics, taken from multiple respected sources, that show why organizations today need a better cybersecurity training program:
Cyber Security Risk is at an All-Time High
One of the most startling cyber security statistics of 2019 is how organizations and security leaders self-assess their own level of risk. Nobody, no matter how much money and effort they are pouring into cyber security products and technologies, feels that they are safe. In 2019, the frequency, sophistication, and cost of cyber attacks have hit a fever pitch.
91% of organizations believe they are at risk of a significant cyberattack
-according to the ESG/ISSA 2019 Report
95% of CIOs expect cybersecurity threats to get worse
-according to the 2019 CIO Agenda
Global cost of cybercrime will reach $6 trillion by 2021, double that of 2015
77% of security leaders anticipate a critical infrastructure breach which could have hazardous repercussions
-according to Black Hat 2019 report
Cyber Skill Gap is a Major Pitfall
How can cybersecurity professionals defend their organizations against devastating data breaches or advanced attacks when they have not faced such attacks? This is why organizations need to understand the cybersecurity professionals’ priorities and design a rigid cybersecurity training program to attract and retain top cybersecurity talent.
Cybersecurity talent crunch to create 3.5 million unfilled jobs globally by 2021.
Cybersecurity is the industry with the most pronounced skill gap
57.7% cite the lack of skills as the top challenge for their organization’s SOC team.
According to the SANS SOC Survey 2019
Only 27% of organizations have experienced a ransomware incident and only 20% have experienced at least one security incident that disrupted a business application.
According to the ESG and ISSA Report
Almost 60% of organizations have unfilled cyber security positions.
54% of organizations say that it takes 3 months or more to fill such a position
According to ISACA
Alert and Tool Fatigue Plague SOC teams
So much of the cyber security market has been focused on building newer and better tools, as if all an organization has to do to improve its security posture is approve acquisitions of more and more security technology. But one of the unintended effects of this tool obsession is that the human beings who are on the frontlines, working in the SOC, have too many tools. How many of us can say that we have complete mastery and familiarity operating over 25 technology tools? Not many, yet most SOCs have over 25 tools deployed. Each of these tools creates alerts, so many that just figuring out which alerts are critical and should be handled first is also an impossible task. SOC teams are inundated with tools and alerts; inevitably, a critical alert will be overlooked and even your best SOC analysts will burn out.
73% of organizations use over 25 cybersecurity tools
9% of organizations use more than 100 security tools
According to a study by Ovum
Cyber Security Budgets, Training Out of Sync
The cyber skill shortage remains the single most important barrier to effective cyber security. While it is widely lamented, enterprises are not yet dedicating ample resources to overcoming the skill shortage by investing in newer, more effective training. The security industry needs to work with institutions of higher education to increase the pipeline of new professionals with proficient hands-on experience operating every aspect of security operations: analytic and communications abilities, technical mastery of a full toolset, and hands-on experience. Even the most experienced SOC professional requires ongoing training and practice to keep skills sharp and to practice facing down the newest, emerging cyber threats.
56% of employers don’t provide the cybersecurity team with the right level of training to keep up with business and IT risks.
According to ISSA
Lack of budget has been the number 1 issue for state government CISOs every year. The majority of state governments spend 1-2% of their IT budgets on cybersecurity.
According to Deloitte/NASCIO Cybersecurity survey
Takeaways for 2020
Going into 2020, organizations today should be focused on building the next generation of cyber warriors by introducing the latest training technologies such as realistic simulation, as it solves multi-dimensional IT security challenges. Instead of letting the security team simply learn on the job, it provides them with initial encounters to help them be prepared. This approach yields dramatic results vis-à-vis their performance in the face of real attacks.
At a national level, cybersecurity fundamentals should be embedded into elementary education just like the fundamentals of mathematics or science. There is also a need to form cybersecurity centers of academic excellence in universities that emphasize rigorous hands-on learning throughout the curriculum. Finally, national security agencies and governments should promote cybersecurity and support initiatives on cybersecurity education.
Cyberbit Range is the most widely deployed Cyber Security Training and simulation platform. Cyberbit Range prepares your security team for the attack, by providing a hyper-realistic, virtual SOC environment, in which they can train in responding to real-world, simulated cyberattacks, and dramatically improve their performance.