A majority of enterprises (86 percent) have proactively amplified security initiatives over the last year to combat the increase in cybersecurity attacks.

The KnowBe4 2019 Security Threats and Trends report asked survey respondents what issues their enterprises would face over the next year or posed the greatest threats to their firm's security. Their responses included:

  • Email/phishing scams - 96 percent
  • End user carelessness - 76 percent
  • Social engineering - 70 percent
  • Targeted hacker attacks - 46 percent
  • BYOD/mobile devices - 35 percent
  • Password attacks -32 percent
  • Data leaks - 31 percent
  • Regulatory - 28 percent
  • Lost, stolen devices -23 percent
  • Network edge attacks - 23 percent
  • Misconfiguration errors - 21 percent
  • Back door open - 19 percent
  • Combination of issues - 14 percent
  • Denial of service - 14 percent
  • Insider attacks - 11 percent
  • Physical attack - 9 percent
  • Corporate Espionage - 5 percent
  • Eavesdropping - 5 percent

Additional findings include:

  • Nearly nine out of 10 businesses – 89 percent – say they’re currently better equipped to deal with security threats than they were in 2018.
  • Three quarters or 76 percent of organizations say the biggest and most persistent security threat comes from “the enemy from within” – careless end users – who regularly clicks on bad links, placing organizations at higher risk of falling victim to email phishing, ransomware, CEO fraud scams and various forms of malware.
  • 58 percent of organizations cite budgetary constraints as an ongoing challenge in upgrading security.
  • 43 percent of survey participants still don’t allocate a significant portion of their IT budgets towards security expenditures. One-third of respondents don’t have a separate security budget and another 13 percent say the organization’s security budget is less than $25,000 annually.
  • Only 14 percent of organizations say they’re concerned about insider attacks from existing employees.
  • Half of participating companies report their security and IT staff are overworked and 40 percent say their organizations will face a shortage of skilled security professionals within the next 12 months.
  • 82 percent of respondents say proactive security maintenance (e.g., installing upgrades and patches) is a top priority over the next 12 months. That was followed by 61 percent of organizations that cite the need to keep pace with the latest security threats and 61 percent that say updating and enforcing computer security policies is major concern for their organization.
  • Some 27 percent of respondents identify their organizations’ inability to identify, quickly respond to and shut down hacks over the next 12 months as a top challenge and source of concern.
  • Only 18 percent of organizations calculate the hourly cost of downtime related to security hacks.
  • A 53 percent majority allow employees to access the corporate network and data using BYOD. However, only 39 percent of organizations currently have a plan to respond if a BYOD such as a laptop, tablet or smart phone is hacked, stolen or lost.

“This study shows us why it’s a really good idea to step your users through new-school security awareness training,” said Stu Sjouwerman, CEO, KnowBe4. “The threats aren’t going away any time soon – the bad guys are just getting more and more clever. That’s why it’s so important to build up your human firewall – your end users – to better protect your organization.”