AI-based Security Innovations, Declining Successful Cyberattacks, and Rising IT Security Budgets Spur Cautious Optimism Among Cybersecurity Professionals

CyberEdge Group, a leading research and marketing firm serving the cybersecurity industry’s top vendors, today announced the publication of its 2024 Cyberthreat Defense Report (CDR). This year’s 10th anniversary special edition provides keen insights into how artificial intelligence (AI) is impacting the cybersecurity industry and how enterprises leverage IT security training to improve job satisfaction. It also spotlights the growing inclusion of cybersecurity experts on boards of directors. Further, the report reveals which cybersecurity technologies are in highest demand.

IT Security Teams Have the Upper Hand With AI… For Now

Artificial intelligence is both a blessing and a curse for IT security teams. While 97 percent of security professionals surveyed agree that AI will benefit security teams, 96 percent also believe it will benefit threat actors. However, when asked who will benefit more, 50 percent more respondents say they believe AI will give security teams the upper hand than those who believe threat actors will benefit more.

Security Professionals Feel Cautiously Optimistic

Several findings in this year’s CDR show that IT security leaders are feeling cautiously optimistic. The percentage of organizations victimized by a successful cyberattack declined for the third consecutive year, while the percentage of organizations victimized by a successful ransomware attack fell for the first time in CDR history. Nearly nine in 10 IT security operating budgets are rising, and at a record pace. Meanwhile, the percentage of security professionals who believe that a successful cyberattack is more likely than not in the coming year declined significantly.

“There’s no question that AI is having a profound impact on the way IT security teams mitigate cyber risks,” says Steve Piper, founder and CEO of CyberEdge Group. “AI is helping short-staffed security teams work smarter, rather than harder, to accomplish more with fewer resources. Although AI may have given security professionals the upper hand, for now, we must remain vigilant. Generative AI is already giving cyber adversaries new tools for creating better-written phishing emails and the means to create compelling deepfake images, videos, and audio. Investing in cybersecurity training for IT staff and security awareness training for all employees is more important than ever.”

Additional Key Findings

CyberEdge Group’s award-winning CDR is the standard for assessing organizations’ security posture, gauging the perceptions of IT security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions. The 2024 CDR yielded dozens of additional insights, including:

  • Ransomware tides are turning. For the first time in five years, the percentage of organizations victimized by ransomware declined (from 73 percent to 64 percent) and the percentage of victims that paid ransoms fell below 50 percent. However, only 57 percent of victims that paid ransoms successfully recovered their data, down from 73 percent.
  • AI threats are looming. More than four in 10 respondents believe that AI will improve threat actors’ abilities to discover weaknesses in cybersecurity defenses (45 percent), increase the sophistication of cyberthreats (42 percent), and empower threat actors to craft more-effective phishing and spear-phishing emails (41 percent).
  • Boards with security experts. Six in 10 boards of directors have at least one member with a cybersecurity background.
  • Cloud deployments are up. Forty percent of security applications and services are deployed via the cloud, up from 36 percent four years ago.
  • Hottest security tech for 2024. The security technologies (by category) most widely planned for acquisition this year include next-generation firewalls (network security), deception technology (endpoint security), bot management (application and data security), and advanced security analytics (security management and operations).
  • This year’s weakest links. Industrial control systems (ICS), application containers, and mobile devices top this year’s list of the IT components that are most challenging to secure.
  • Feeling short-staffed. Nearly seven in eight organizations (86 percent) are experiencing a shortfall of security talent, with IT security administrators in greatest demand.
  • Training is key. Cybersecurity training and certification are cited as the number one initiative to improve the job satisfaction of IT security professionals.
  • Record security spending. The average IT security operating budget increased by 5.7 percent this year, an all-time CDR high.

About the CDR

In November 2023, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant is employed by a commercial or government entity with at least 500 employees, located in one of six geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa.

The CDR gauges perceptions about cyberthreats and ascertains future plans for improving security and reducing risk. The report empowers IT security professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region.

The 2024 CDR is supported by leading information security vendors:

  • Platinum sponsors: Cloudflare, CyberArk, Google Cloud, Imperva, ISC2, and Proofpoint
  • Gold sponsors: BlueCat Networks, Delinea, OpenText, SailPoint, ThreatX, and Tufin
  • Silver sponsors: Axiad, Legit Security, Netwrix, Phosphorus, Picus Security, and Reveal Security

Now available

The 2024 Cyberthreat Defense Report is available from all sponsors or by visiting the CyberEdge Group website at www.cyber-edge.com/cdr.

About CyberEdge Group

CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of the cybersecurity vendor community. Headquartered in Annapolis, Maryland, with 40+ consultants based across North America, CyberEdge works with approximately one in every five IT security software and service providers. The company’s annual Cyberthreat Defense Report provides information security decision-makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks in today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com.

The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.

Media Contact: Leslie Kesselring Kesselring Communications 503-358-1012 Leslie@kesscomm.com CyberEdge Group Contact: Steve Piper CEO CyberEdge Group 443.603.1500 steve.piper@cyber-edge.com