KnowBe4 2019 Security Threats and Trends Survey
7.
Demographic Questions
1.
Which best describes your vertical industry?
Academic (College/University)
Accounting
Advertising
Aerospace
Agriculture/Forestry
Automotive
Biopharma and Biosciences
Business Services/Consulting
Communications/Telecom
Computer hardware/software/technology manufacturer
Construction
Consulting
Education (K through 12)
Energy
Engineering
Financial services/banking, legal, real estate
Gaming
Government (federal)
Government (state and local)
Healthcare
Hotel & Hospitality
Insurance
IT/Technology Services Provider
Law Enforcement
Legal
Manufacturing
Marketing
Media and Entertainment
News Organization
Non Profit
Oil/Gas/Mining
Pharmaceutical
Retail
Sales
Security
Software
Sports
Surveillance
Telecommunications
Transportation
Travel
Utilities
Weather
Other (please specify)
2.
How many servers are in your organization?
1 to 10
11 to 20
21 to 30
31 to 50
51 to 100
101 to 250
251 to 500
501 to 1,000
1,001 to 5,000
More than 5,000
3.
What is your title/job function?
Application Manager
Architect
CEO
CIO
CISO
COO
CTO
Database Administrator
Engineer (Systems or Network)
Independent Consultant/Systems Integrator
IT Manager
IT Staff
Network Administrator
Network Manager
Plant Facilities Manager
Security Administrator/Manager
Server Hardware Administrator
Software Developer
Storage Administrator
Telecom Engineer
Telecom Manager
VP of IT
VP of Security
Other (please specify)
4.
What is your organization’s TOTAL average annual expenditure on security including hardware, software, services and training?
$20+ million
$10-$19.9 million
$5-$9.9 million
$1-$4.9 million
$500,000-$999,999
$250,000-$499,999
$101,000-$249,000
$51,000-$100,000
$25,000-$50,000
<$25,000
We do not have a separate security budget
5.
Has the increase in cyber security attacks caused your firm to become more security conscious and proactive in terms of its security initiatives?
Yes
No
Remains the same. Cyber attacks are a fact of life/cost of doing business in the Digital Age.
We’re considering it; no decision made.
Unsure
6.
What issues pose the greatest threats to the organization’s security over the next 12 months? Select ALL that apply
Email/Phishing scams
Social Engineering
Targeted attacks by hackers
Physical attacks on the devices or premises
Attacks on the Network edge/perimeter
End user carelessness
BYOD and mobile devices
Lost or stolen devices
Mis-configuration/provisioning errors by security administrators
Back door or open ports on servers
Password attacks
Data leaks
Eavesdropping/MitM
Denial of Service (DoS) attacks
Corporate espionage
Insider attacks by employees
Insider attacks via a Partner/Consultant/Vendor or 3rd Party Service Provider
Regulatory Compliance issues
A combination of the above
Other (please specify)
7.
What are your firm's most important security priorities over the next 12 months? (Select ALL that apply)
Proactive security maintenance, upgrades and patches
Keeping pace with the latest security threats
Keeping pace with security exploits in technologies (e.g., cloud, IoT, Machine learning)
Implementing Security Awareness Training
Updating, enforcing computer security policies
Upgrading security mechanisms (e.g., firewalls, routers, gateways, switches)
Upgrading intrusion detection/audit trail/authentication/access control/tracking
Strengthening encryption/encrypting data
Strengthening infrastructure and physical security
Strengthening virtualization and cloud security
Securing the Network edge
Allocating funds to buy security products & hire security consultants
Identifying & choosing the right security products for our business
Dealing with multiple security vendors
Conducting vulnerability testing
GDPR, regulatory compliance and data privacy
Contractual and legal responsibilities
Understanding security protocols and APIs
Correct configuration and provisioning of security devices, applications
Other (please specify)
8.
What are the biggest security challenges facing your firm over the next 12 months? (Select ALL that apply)
Cost/budget constraints
Overworked security, IT staff
Lack of skilled security, IT staff
Too many entry points into the network to monitor & manage
Inadequate security awareness training
Our inability to identify, quickly respond to and shut down a security hack
Upper management does not take security seriously enough
Weak, physical infrastructure security
Weak application, operating system security
Weak Network edge security
Security administrators have little, no control over BYOD & mobile devices
End user carelessness
Potential losses, litigation due to security breaches, data theft
Weak, lax computer security policies & procedures
Failure of our business to adhere to compliance regulations
Other (please specify)
9.
Recently, there is a trend showing IT pros are no longer buying third-party Antivirus. Instead, they're relying on Win10 and its built-in Windows Defender. Does your firm plan to do the same thing?
We have already migrated to Win10 and use Windows Defender now
Yes, we're planning to migrate to Win10 and use Windows Defender in the near future
No, we will continue to buy third-party antivirus for the desktop
Unsure
10.
What new security threats most concern your firm over the next 12 months? (Select ALL that apply)
Active content in Email applications
Laser Phishing
New sophisticated BEC or CEO Fraud spear Phishing variants
Cryptojacking malware
New "sextortion" scams
Shadow IT applications
Attacks on IoT devices attached to the network
Nothing in particular at this time
Unsure
Other (please specify)
11.
Does your firm allow its end users to Bring Their Own Devices (BYOD) e.g., notebooks, tablets, smart phones and utilize them as corporate devices accessing network data and applications?
Yes
No
12.
If your firm allows BYOD usage, who is responsible for installing, maintaining & updating security on employee-owned notebooks, tablets, smart phones and other devices?
Security and IT administrators
Employees
Both: the IT Dept. provides & installs the security packages and the employees maintain it
We have no formal, specific BYOD security provisions
We leave it up to the end users to install and maintain security on their BYOD devices
Unsure
13.
Have there been any security breaches to employee-owned BYOD devices in the last 12 months that have impacted the corporate network?
Yes
No
We have no way of knowing
We don't require employees to notify the IT Dept. when BYOD devices experience a security breach or hack
Unsure
14.
If any of your employee-owned BYOD devices did experience a security breach, what impact did it have on corporate servers, applications & network operations? (Select ALL that apply)
No impact
The corporate network experienced data leakage
The corporate network was infected with Malware & other malicious programs
The corporate network was infected with keyboard logging
Sensitive data was lost, stolen or hijacked
Sensitive data was changed
Network operations or key applications (e.g., Email or servers) were disrupted for a short time (one to five minutes)
Network operations or key applications were disrupted for up to 30 minutes
Network operations or key applications were disrupted for one hour to several hours
Unsure
Other (please specify)
15.
Does your firm have a response plan in place to deal with lost, stolen or hijacked BYOD devices?
Yes
No
We're in the process of devising a policy
We're considering it; no decision made
Unsure
16.
What measures are your firm and the IT/Security Dept. taking to police its end users - including remote workers, contract workers and anyone using BYOD equipment to access the corporate network? (Select ALL that apply)
We informally or verbally tell all employees & contract workers they must comply with corporate security policies and procedures regardless of whether devices are company or employee-owned.
We require strict adherence to corporate security policies. All employees (remote and contract workers) are required to read security compliance policies on passwords, software updates, data privacy & compliance regulations and be aware of all penalties for violating security policies - including termination.
We provide security awareness training to keep employees updated on all of the latest hacks and threats.
We require employees to immediately notify Security/IT administrators if their corporate or BYOD devices experience a security breach or if their devices are lost or stolen.
We do not require end users or contract workers to install security on BYOD devices and we have no specific security measures in place to oversee or monitor them.
Unsure
Other (please specify)
17.
Does your firm calculate the hourly cost of downtime for mission critical servers, devices and applications related to security breaches?
Yes
No
Not currently, but we plan to do so in the near future
Unsure
18.
Is your organization more/less prepared and better equipped to respond to the various security threats than it was 12 to 18 months ago?
Much more prepared and proactive
Somewhat more prepared, but we need to do more
No change; we're adequately prepared to deal with security threats
Somewhat less prepared; we're more reactive than proactive
Much less prepared
We're overwhelmed; we lack the budget/resources to keep up with security threats
We're totally unprepared; we have no plan in place to respond to a security hack
Unsure
Other (please specify)
19.
ESSAY Question: Please provide us with your comments, insights on your firm's approach to security. Do you think your organization is doing a good job of securing its infrastructure and data assets in the face of the evolving threat landscape? Leave your Email address so we may contact you if you win the $100 Amazon Gift Certificate.