KnowBe4 2020 Security Data Breach Trends Survey
6.
Demographic Questions
*
1.
Which best describes your vertical industry?
(Required.)
Academic (College/University)
Accounting
Advertising
Aerospace
Agriculture/Forestry
Automotive
Biopharma and Biosciences
Business Services/Consulting
Communications/Telecom
Computer hardware/software/technology manufacturer
Construction
Consulting
Education (K through 12)
Energy
Engineering
Financial services/banking, legal, real estate
Gaming
Government (federal)
Government (state and local)
Healthcare
Hotel & Hospitality
Insurance
IT/Technology Services Provider
Law Enforcement
Legal
Manufacturing
Marketing
Media and Entertainment
News Organization
Non Profit
Oil/Gas/Mining
Pharmaceutical
Retail
Sales
Security
Software
Sports
Surveillance
Telecommunications
Transportation
Travel
Utilities
Weather
Other (please specify)
*
2.
How many employees are in your organization?
(Required.)
1-49
50-200
201-499
500-999
1000-5,000
5000-10,000
10,000+
*
3.
How many servers are in your organization? This includes on-prem and cloud servers.
(Required.)
1 to 10
11 to 20
21 to 30
31 to 50
51 to 100
101 to 250
251 to 500
501 to 1,000
1,000+
Other (please specify)
*
4.
What is your title/job function?
(Required.)
Application Manager
Architect
CEO
CIO
CISO
CMO
COO
CTO
Database Administrator
Engineer (Systems or Network)
Independent Consultant/Systems Integrator
IT Manager
IT Staff
Network Administrator
Network Manager
Plant Facilities Manager
Security Administrator/Manager
Server Hardware Administrator
Software Developer
Storage Administrator
Telecom Engineer
Telecom Manager
VP of IT
VP of Security
Other (please specify)
*
5.
What is your organization’s TOTAL average annual expenditure on security including hardware, software, services and training?
(Required.)
$20+ million
$10-$19.9 million
$5-$9.9 million
$1-$4.9 million
$500,000-$999,999
$250,000-$499,999
$101,000-$249,000
$51,000 - $100,000
$25,000 - $50,000
<$25,000
We do not have a separate security budget
*
6.
Has your organization experienced a successful data breach in which malware, ransomware or hackers gained access to your network, devices or computers within the last 12 months -- even if only for a short while, before detection and removal?
(Required.)
Yes
No
Unsure
We have no way of knowing
*
7.
If Yes, what root exploit causes were involved in successful attacks or compromises within the last 12 months? (Select ALL that apply)
(Required.)
Email/Phishing scams
Social Engineering
Targeted attacks by organized hackers
Ransomware
CEO Fraud/Business Email Compromise
User or Network Administrator Error
MFA hack/Failure
Zero Days
Un-patched software exploits
Malware
Physical attacks on unsecured servers or devices or premises
Attacks on the Network edge/perimeter
End user carelessness
Insecure end user/company-owned BYOD & mobile devices
Lost or stolen devices
Mis-configuration/provisioning errors by security administrators
Back door or open ports on servers
Password attacks
Data leaks
Eavesdropping/MitM
Denial of Service (DoS) attacks
Misconfiguration errors
Inadequate Network Edge security
Corporate espionage
Insider attacks by employees
Insider attacks via a Partner/Consultant/Vendor or 3rd Party Service Provider
Lost or stolen laptop/notebook/tablet/mobile phone
Failure to secure data in transit (insecure protocols)
Regulatory Compliance issues
A combination of the above
Other (please specify)
*
8.
How many successful or attempted data breaches of ANY type did your organization experience over the last 12 months?
(Required.)
One
Two to four
Five to seven
Eight to 10
10 to 20
>20
Unsure
Not applicable, we had no confirmed data breaches
*
9.
What was the Mean Time to Detection (MTTD) from the time the data breach began until your org's Security/IT Pros or Third Party detected/isolated/shut down or thwarted the attack?
(Required.)
Immediately
When we received a Ransomware demand
Within the first five to 30 minutes
Within the first 31 to 60 minutes
Within the first one to two hours
Approximately half a day (up to 12 hours)
Within 24 hours
Within two to four days
One to three weeks
One to two months (30 to 60 days)
Two to three months (61 to 90 days)
Three to four months (91 to 120 days)
Four to six months (121 to 180 days)
Over six months (>181 days)
Unsure
It was discovered by Third Party Security service providers during vulnerability testing
Our org didn't discover it; law enforcement or Federal Agencies alerted us
Other (please specify)
*
10.
Rate the level or severity of the data breach
(Required.)
No impact: we detected and thwarted the attempt before any damage occurred
Very minor: no damage; no lost/stolen/destroyed/changed data, just a minimal productivity blip
Minor operational disruption of up to 15 minutes; no other impact
Moderate impact on operations. Productivity disrupted for one to two hours; some data/privacy was compromised; remediation required by security and IT Administrators
Severe data privacy breach: internal system downtime; corporate/customer data stolen/compromised/changed/locked/held for ransom or destroyed. Remediation required by company security and IT administrators and external third party providers
Catastrophic data breach: operations disrupted for up to several days; lost/stolen/destroyed/damaged/locked data. Extensive remediation required by company security and IT administrators, external third party providers and law enforcement intervention
Not applicable; we have not had a successful data breach
Other (please specify)
*
11.
If your organization experienced a successful data breach within the last 12 months, did it include data losses that negatively impacted business operations or caused financial losses to your business, customers, partners or suppliers?
(Required.)
Yes
No
Unsure
Not applicable; we have not experienced a successful data breach
Other (please specify)
*
12.
If your organization suffered losses as a result of a successful data breach, describe the types of losses. (Select ALL that apply)
(Required.)
Lost data
Stolen data
Damaged data
Changed data
Destroyed data
Financial
External customer, business partner & supplier data was exposed/compromised
Unsure
Not applicable; we did not experience data losses
Other (please specify)
*
13.
In 2020 and beyond which issues pose major threats to your organization's security and data assets? (Select ALL that apply)
(Required.)
External breach by organized hackers
Internal breach by company insiders
Threats from disgruntled ex-employees
Corporate security is outdated & inadequate to cope with current and evolving threat landscape
Corporate unpreparedness and inability to identify, isolate and quickly shut down data breaches
Lack of security awareness training for IT staff and end users
End user carelessness; failure to update & install security on their BYOD and mobile devices
Email Phishing scams
Ransomware
CEO fraud
Spyware
Network Edge attacks
Corporate espionage
Physical attacks on unsecured data center, servers/devices
Open ports on forgotten, mis-configured servers
Software bugs and exploits
There are too many security issues to track
Management does not take security threats seriously; it's not a priority in our organization
Lack of funds/budget for security products & vulnerability testing
All of the above
Other (please specify)
*
14.
Ransomware attacks are on the rise. Has your organization had one or more machines with criminally-encrypted files within the last 12 months?
(Required.)
Yes
No
Unsure
*
15.
If your org experienced a Ransomware demand/attack, how did it respond and what was the outcome?
(Required.)
We did not pay the ransom. It was a bluff; everything was fine
We did not pay the ransom; our security and IT teams restored access ourselves
We paid the ransom after we were unable to access data and operations were disrupted. The hackers gave us a decryption key which restored data access
We paid the ransom but the hackers did not provide us with a decryption key or the key did not work
We have not experienced a ransomware attack/demand
Other (please specify)
*
16.
If your org paid a ransom to have data access and operations restored, how much did it pay?
(Required.)
Up to $1,000
$1,001 to $5,000
$5,001 to $10,000
$10,001 to $25,000
$25,001 to $50,000
$50,001 to $100,000
$100,001 to $250,000
$250,001 to $500,000
$500,001 to $1,000,000
$1,000,001 to $3,000,000
$3,000,001 to $5,000,000
$5,000,001 to $10,000,000
>$10,000,000
Unsure
Not applicable; we did not pay a ransom
*
17.
Estimate the amount of security-related monetary losses your organization sustained collectively from ALL data breaches, hacks, Phishing scams, Ransomware attacks, lost/stolen devices and other security incidents within the last 12 months
(Required.)
Up to $1,000
$1,001 to $5,000
$5,001 to $10,000
$10,001 to $25,000
$25,001 to $50,000
$50,001 to $100,000
$100,001 to $250,000
$250,001 to $500,000
$500,001 to $1,000,000
$1,000,001 to $3,000,000
$3,000,001 to $5,000,000
$5,000,001 to $10,000,000
>$10,000,000
Unsure
We have not experienced any security-related monetary losses
We don't keep track
*
18.
Have you received a payment from your Cyber Security Insurance Policy this year as part of a data breach and/or ransomware attack that you reported? If Yes, what was the amount?
(Required.)
Up to $1,000
$1,001 to $5,000
$5,001 to $10,000
$10,001 to $25,000
$25,001 to $50,000
$50,001 to $100,000
$100,001 to $250,000
$250,001 to $500,000
$500,001 to $1,000,000
$1,000,001 to $3,000,000
$3,000,001 to $5,000,000
$5,000,001 to $10,000,000
>$10,000,000
Our organization has not filed any security-related insurance claims
Unsure
We're still negotiating with our insurance company for payment
Our insurance company refused to pay out
*
19.
Is your organization more/less prepared to identify and respond to the various data breach threats than it was 12 to 18 months ago?
(Required.)
Much more prepared and proactive
Somewhat more prepared, but we need to do more
No change; we're adequately prepared to deal with data breaches
Somewhat less prepared; we're more reactive than proactive
Much less prepared
We're overwhelmed; we lack the budget/resources to keep up with security threats
We're totally unprepared; we have no plan in place to respond to a security hack
Unsure
*
20.
Does your organization have a security awareness training program?
(Required.)
Yes
No
Not at this time; we plan to implement one within six to 12 months
We're considering it; no decision made
*
21.
How much time do administrators devote to managing your security awareness training programs during the year?
(Required.)
Two to four days
One week
Two weeks
No specific amount of time
Ad hoc
As needed
Other (please specify)
*
22.
What is the total amount of time allotted for security awareness training for each employee per year?
(Required.)
Up to 30 minutes
One hour
One to two hours
Two to four hours
> Four hours
No specific time allotted
Not applicable; we don't provide our employees with security awareness training
*
23.
Estimate how much your organization’s Security Awareness Training program has reduced your end-user malicious email click-through rate over the past 12 months?
(Required.)
From 100% down to 80%
From 79% down to 61%
From 60% down to 41%
From 40% down to 21%
From 20% down to 11%
From 10% down to 6%
From 5% to 1%
Unsure
Not applicable; we don't have a security awareness training program
Other (please specify)
24.
ESSAY QUESTION: What is your organization's view of the current and evolving threat landscape? What security measures are most effective in safeguarding the network and data assets from Cyber-heists, Phishing scams, Ransomware and targeted hack attacks? NOTE: Please leave your Email along with a comment to be eligible to win the $100 Amazon Gift certificate