The Security Bulldog Survey 2021

Question Title

* 1. Which of the following best describes your current occupation?

Full time cybersecurity

Part time or project based cybersecurity

IT position with cybersecurity responsibilities

IT position with no cybersecurity responsibilities

Other non IT or non cybersecurity role

Other (please specify)

Question Title

* 2. What is your work title?

Executive/CXO

CISO

CIO/CTO

Deputy CISO

IT Director

IT Security Director

IT Manager

IT Security Manager

Security Architect/Engineer

Security Specialist

Security Consultant/Advisor

Security Analyst

Security/Compliance Officer

Security Administrator

IT Staff

Application Developer/Tester

None of the above

Other (please specify)

Question Title

* 3. What percentage of your time is spent, per week, searching for cybersecurity information (data, videos, best practices, certifications, etc.) on the Internet?

100

Clear

i We adjusted the number you entered based on the slider’s scale.

Question Title

* 4. When you are searching for cybersecurity information on the Internet, what questions are you asking?

Software supply chain questions

Compliance questions

Certification, career and coaching questions

What is the latest news on breaches?

Data: CVE, TAXI, STIG, SBOM, etc.

What are the security best practices for my sized enterprise?

How to hire a new staff member?

What are the best products/services/tools to solve a particular security problem?

How to find a new job?

Reports: Remediation, Lessons Learned,

Other (please specify)

Question Title

* 5. Some possible threat scenarios and types of attacks are listed below. In the worst case, how would you classify the extent of damage in the event of each cyber incident?

	Insignificant	Minor	Critical	Catastrophic
Industrial espionage	Industrial espionage Insignificant	Industrial espionage Minor	Industrial espionage Critical	Industrial espionage Catastrophic
Access to data by government intelligence agencies	Access to data by government intelligence agencies Insignificant	Access to data by government intelligence agencies Minor	Access to data by government intelligence agencies Critical	Access to data by government intelligence agencies Catastrophic
Financially driven cyberattacks (e.g., ransomware, crypto-mining)	Financially driven cyberattacks (e.g., ransomware, crypto-mining) Insignificant	Financially driven cyberattacks (e.g., ransomware, crypto-mining) Minor	Financially driven cyberattacks (e.g., ransomware, crypto-mining) Critical	Financially driven cyberattacks (e.g., ransomware, crypto-mining) Catastrophic
Risk potential due to negligence on the part of internal employees	Risk potential due to negligence on the part of internal employees Insignificant	Risk potential due to negligence on the part of internal employees Minor	Risk potential due to negligence on the part of internal employees Critical	Risk potential due to negligence on the part of internal employees Catastrophic
Data theft / sabotage by own (current or former) employees	Data theft / sabotage by own (current or former) employees Insignificant	Data theft / sabotage by own (current or former) employees Minor	Data theft / sabotage by own (current or former) employees Critical	Data theft / sabotage by own (current or former) employees Catastrophic
Theft of customers` personally identifiable information / theft of digital identities / theft of access data	Theft of customers` personally identifiable information / theft of digital identities / theft of access data Insignificant	Theft of customers` personally identifiable information / theft of digital identities / theft of access data Minor	Theft of customers` personally identifiable information / theft of digital identities / theft of access data Critical	Theft of customers` personally identifiable information / theft of digital identities / theft of access data Catastrophic
Attacks on the software supply chain	Attacks on the software supply chain Insignificant	Attacks on the software supply chain Minor	Attacks on the software supply chain Critical	Attacks on the software supply chain Catastrophic
Attacks from the supply chain / from partners	Attacks from the supply chain / from partners Insignificant	Attacks from the supply chain / from partners Minor	Attacks from the supply chain / from partners Critical	Attacks from the supply chain / from partners Catastrophic

Question Title

* 6. In your opinion, what is the probability of each of the following cyber incidents occurring in your company or organization within the next 12 months?

	Very unlikely	unlikely	likely	very likely	don´t know
Industrial espionage	Industrial espionage Very unlikely	Industrial espionage unlikely	Industrial espionage likely	Industrial espionage very likely	Industrial espionage don´t know
Access to data by government intelligence agencies	Access to data by government intelligence agencies Very unlikely	Access to data by government intelligence agencies unlikely	Access to data by government intelligence agencies likely	Access to data by government intelligence agencies very likely	Access to data by government intelligence agencies don´t know
Financially driven cyberattacks (e.g., ransomware, crypto-mining).	Financially driven cyberattacks (e.g., ransomware, crypto-mining). Very unlikely	Financially driven cyberattacks (e.g., ransomware, crypto-mining). unlikely	Financially driven cyberattacks (e.g., ransomware, crypto-mining). likely	Financially driven cyberattacks (e.g., ransomware, crypto-mining). very likely	Financially driven cyberattacks (e.g., ransomware, crypto-mining). don´t know
Risk potential due to negligence on the part of internal employees	Risk potential due to negligence on the part of internal employees Very unlikely	Risk potential due to negligence on the part of internal employees unlikely	Risk potential due to negligence on the part of internal employees likely	Risk potential due to negligence on the part of internal employees very likely	Risk potential due to negligence on the part of internal employees don´t know
Data theft / sabotage by own (former) employees	Data theft / sabotage by own (former) employees Very unlikely	Data theft / sabotage by own (former) employees unlikely	Data theft / sabotage by own (former) employees likely	Data theft / sabotage by own (former) employees very likely	Data theft / sabotage by own (former) employees don´t know
Theft of digital identities / theft of access data	Theft of digital identities / theft of access data Very unlikely	Theft of digital identities / theft of access data unlikely	Theft of digital identities / theft of access data likely	Theft of digital identities / theft of access data very likely	Theft of digital identities / theft of access data don´t know
Attacks on the supply chain	Attacks on the supply chain Very unlikely	Attacks on the supply chain unlikely	Attacks on the supply chain likely	Attacks on the supply chain very likely	Attacks on the supply chain don´t know
Attacks from the supply chain / from partners	Attacks from the supply chain / from partners Very unlikely	Attacks from the supply chain / from partners unlikely	Attacks from the supply chain / from partners likely	Attacks from the supply chain / from partners very likely	Attacks from the supply chain / from partners don´t know

Question Title

* 7. Which of the following statements best describes the situation at your company, organization, or agency?

We have a full cybersecurity team with that is generally well trained, supplied and confident.

Our cybersecurity team is understaffed and needs more resources and training.

We don't have a separate cybersecurity team. Our IT staff is tasked with security; we try our best, but we need help.

We don't have a separate cybersecurity team. Our IT staff is tasked with security and we don't have a clue what to do.

Other (please specify)

Question Title

* 8. If you want us to send the results of the survey directly to you, please fill out this form. It is not required to do so.

Name

Company

Email Address

The Security Bulldog Survey 2021

Add your voice to guide our path.

Question Title

* 1. Which of the following best describes your current occupation?

Question Title

* 2. What is your work title?

Question Title

* 3. What percentage of your time is spent, per week, searching for cybersecurity information (data, videos, best practices, certifications, etc.) on the Internet?

Question Title

* 4. When you are searching for cybersecurity information on the Internet, what questions are you asking?

Question Title

* 5. Some possible threat scenarios and types of attacks are listed below. In the worst case, how would you classify the extent of damage in the event of each cyber incident?

Question Title

* 6. In your opinion, what is the probability of each of the following cyber incidents occurring in your company or organization within the next 12 months?

Question Title

* 7. Which of the following statements best describes the situation at your company, organization, or agency?

Question Title

* 8. If you want us to send the results of the survey directly to you, please fill out this form. It is not required to do so.