Only a quarter of companies avoided data breaches last year

finding right path

There’s a lot of different ways to show how serious the security problem is for organizations, but here’s a new way of putting it: Only one out of every four organizations managed to avoid cyberattacks in the past 12 months. 

More than half of organizations (52%) were breached between one and five times in the past year, according to CyberEdge Group’s 2016 Cyberthreat Defense Report by Imperva. And most organizations aren’t predicting that 2016 will be the year it all turns around: 46% said a successful cyberattack was somewhat likely this year and 16% said it was very likely.

The wide-ranging survey contains a number of insights on the modern IT landscape and the challenges tech pros face. Some highlights:


The No. 1 concern cited for establishing effective defenses against cyberattacks was, not surprisingly, users. IT pros said low security awareness among employees was the biggest problem (with an average score of 3.48/5 in severity).

That would likely explain the emphasis so many companies put on privileged users. According to the report, 82% of companies agreed they have invested adequately in technology to monitor the activities of privileged users.

This watchful eye is likely a wise security investment. And 44% of organizations said they’re also re-evaluating their current endpoint protection with an eye toward upgrading it.


Another area of cybersecurity concern was mobile devices − and with good reason. We’ve already seen that mobile breaches are real and more common than people may think.

And when it comes to mobile policies, it would seem that many organizations are lagging. Only 26% of those surveyed said they already have BYOD policies in place. Others:

  • plan to implement in the coming year (38%)
  • plan to implement within two years (16%), and
  • have no plans to implement BYOD policies (20%).

Whether sanctioned or not, BYOD is often a fact of life for organizations. That makes its all the more important to have mobile policies (even if those policies are “Nope, don’t do it”).

Other mobile device protection strategies that companies either had already or were getting ready to implement included:

  • mobile device antivirus/antimalware (90%)
  • MDM (90%)
  • VPN protection (87%), and
  • containerization (80%).

These are all good measures to have in place, but again: Policies are the single most important way to advise users of the dangers and make sure you have protection in place.


Perhaps one of the biggest security trends (or at least one of the most interest to IT pros) is how much they’ll have to spend defending their systems.

Nearly three-quarters (74%) of study participants said their security budget would increase in 2016 (in 2015 and 2014 it was 62% and 48%, respectively).

And more and more of IT’s overall budget is going toward security. Almost half (48%) of organizations said security accounts for more than half of IT’s overall budget.


Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy