What We Learned from the 2024 State of Cybersecurity Survey


Cybersecurity is a pressing topic of concern for most organizations today, as any amount of sensitive data or digital assets can present a security risk. Understanding the digital landscape, threat trends, and the way they change over time is an essential step in defending against cyberattacks. It can be daunting for any organization to stay in the loop and maintain perspective on cyberthreats and security practices.

Fortra’s 2024 State of Cybersecurity Survey polled over 400 cybersecurity professionals across a wide range of industries and locations in order to obtain a clear-sighted view of security. These professionals answered questions about security challenges and the tools and practices in place to mitigate them. Below are some key takeaways from the survey results.

Risks and Challenges

The first step to building security is understanding the risks present. Survey respondents were asked about their anticipated threats, security goals, and challenges for the following 6-12 months.

  • The security risks most cited as being a top five concern are phishing and smishing (81%), malware and ransomware (76%), and accidental data loss and data leakage (63%).
  • Top cybersecurity initiatives include limiting outsider threats like phishing and ransomware (74%), identifying and closing security gaps (73%), and improving security culture and awareness (66%).
  • The biggest challenges to carrying out those plans are budget limitations (54%), constantly changing threats (45%), and lack of security knowledge and skills (45%).

These responses indicate a continuing need to account for the security struggles presented by the cloud, difficulties with staffing and expertise, and the use of advanced tactics like AI for carrying out cyberattacks. Threats are changing, but the answer may not require continual adoption of the newest technology for security.

Security Initiatives

Attempting to implement security initiatives often requires a large initial investment of time and labor, and many organizations are reluctant to undertake such a task for a variety of reasons. Zero trust is a highly recommended security initiative, but only 23% of respondents have already begun implementing it. An additional 30% are currently partnering with security providers to build a road map to zero trust, but 25% are not ready due to a lack of resources, and 22% are not ready due to operational complexities.

Establishing and maintaining compliance with regulations is an essential security initiative, and many organizations are subject to multiple requirements. The most common compliance regulations that respondents have to adhere to are GDPR (46%), PCI-DSS (39%), and HIPAA (33%). A promising 63% of respondents say they know what is needed to achieve compliance and are on track to do so, while 28% know what is needed but not how to get there.

The cloud presents a major challenge for organizations adopting new technologies, as cloud solutions pose unique risks but are often adopted quickly and without proper focus on security. Of the survey respondents, 64% report having a hybrid environment combining cloud and on-premises solutions, while 19% are cloud-first, 12% are cloud-only, and a mere 6% have no plans to move to the cloud. This last group primarily cites security concerns as the deciding factor in their organization not moving to the cloud.

Tools and Vendors

Part of the survey explores the respondents’ thoughts regarding the cybersecurity tools and vendors their organizations use. Tool and vendor sprawl is a logistical challenge as well as a security risk, as integrating more and more tools is bound to lead to gaps in defenses. When asked about their confidence level in their knowledge of their security tools, 21% of respondents said they were very confident, 55% confident, 21% somewhat confident, and 4% not confident.

Respondents were also asked about their vendor consolidation journey; 45% have started to consolidate vendors, 21% are planning and may consider managed services, and 34% have no plans to consolidate vendors. The top drivers for vendor consolidation are improved security posture (73%), reduced operational management (68%), cost savings (66%), and time savings (52%).

Staffing and Managed Services

Cybersecurity staffing shortages affect many organizations, which respond with a variety of practices. The majority of survey respondents (67%) are working on improving the skills of their staff, and 33% are leveraging managed security services. Equal numbers of companies are actively hiring (28%) and not actively hiring (28%).

Those who engage in managed services or are considering doing so were asked which cybersecurity functions they are using or would use managed services for. The top responses are email security and anti-phishing (58%), vulnerability management (52%), data protection (51%), and compliance (40%). These areas are common sources of cybersecurity risks and challenges, and the survey results show that many organizations are turning to managed security service providers (MSSPs) to ease some of the burden of security responsibilities.

Conclusion

Technology moves quickly, and threat actors are always looking to innovate their attacks as well, so keeping up to date on both threat trends and security trends is vital. By listening to professionals who work in cybersecurity, we can gain a general understanding of what threats are most concerning to organizations and what tactics and solutions they are using to ensure their security. The survey results provide that understanding with solid data and analysis of the biggest challenges facing security professionals today.

To read the full survey results and gain more insight into the state of cybersecurity, view the full guide here.


