Australia and New Zealand
74% say their organization was breached in a cyberattack in the last 12 months, 41% experienced multiple breaches.
57% of assets connected to an organization’s network are monitored, leaving 43% unmonitored.
Organizations account for only 57% of asset attributes i.e. asset location or support status.
11 different tools are used to manage devices connected to the network.
10 different sources are used to collect threat intelligence data. However with just 49% to 53% of related processes automated, only 55% of the information gathered is actionable.
France
91% of IT Pros believe their organization needs enhanced policies and procedures to address security vulnerabilities. And just 35% have a formalized process to examine vulnerability and patch management.
53% of French organizations lack complete control and management over the company owned and managed assets connected to their environment.
9 different feeds are used to collect threat intelligence data. However, with just 53% to 60% of related processes automated, only 58% of the information gathered is actionable, leading to 33% of cybersecurity teams being overwhelmed by cyber threat information.
55% say their organization was breached in a cyber attack in the last 12 months, 28% experienced multiple breaches during the same period.
Loss of productivity (45%) and reputational damage (42%) are the most common consequences of being breached.
Germany
Only 29% of organizations report having complete visibility over assets connected to the company network, the lowest average globally. Consequently, 91% believe improvements are needed in this area.
66% of companies lack complete control and management of the assets connected to their network.
Organizations cannot account for 47% of asset attributes i.e. asset location or support status, below the global average (61%).
8 different sources are used to collect threat intelligence data. With just 49% to 59% of related processes automated, only 55% of the information gathered is actionable, leading to 38% of cybersecurity teams being overwhelmed by cyber threat information.
74% admit a complete lack of confidence in their ability to effectively mitigate the impacts across all assets connected to the network when facing a cyber attack.
Singapore
70% say their organization was breached as part of a cyber attack in the last 12 months, and 26% experienced multiple breaches in the same period.
Operational downtime (43%) and financial loss (37%) are the most common consequences of being breached.
IoT security is the top challenge in region, followed by outdated legacy infrastructure and balancing the need for security with the desire to innovate and adopt new technologies quickly.
On an average business day, 56,400 physical and virtual assets are connected to organizational networks. Only 51% of these assets are monitored, leaving half (49%) unmonitored.
11 different sources are used to collect threat intelligence data. However, with just 50% to 56% of related processes automated, only 62% of the information gathered is actionable, leading to 32% of cybersecurity teams being overwhelmed by cyber threat information.
United Kingdom
39% of IT security and IT decision-makers admit to feeling challenged by the U.K.’s increasingly complicated regulations and governance requirements.
39% of companies lack complete visibility over company owned assets connected to the business environment, and 42% reported a lack of control and management.
77% of respondents indicated a lack of visibility over employee owned assets connected to the business environment, and 78% reported a lack of control and management.
67% of employees are putting their businesses at risk by downloading apps and software without the knowledge of IT or security teams information.
8 different sources are used to collect data relating to threat intelligence. However, with just 52% to 55% of related processes automated, only 51% of the information gathered is actionable, leading to 25% of cybersecurity teams being overwhelmed by cyber threat information.
United States
78% report that their organization had been breached as part of a cyber attack in the last 12 months.
When asked how often employees within their organization download shadow IT onto connected assets in the business environment, 79% of U.S. respondents reported this behavior is happening at least some of the time – second only to respondents from Australia & New Zealand (80%). U.S. respondents were the most likely to report “this happens all the time” (32%), higher than the global average (25%).
Ten or more sources are used to collect data relating to threat intelligence, 59% rely on 10-20 sources. 28% said that their organization’s cybersecurity team feels overwhelmed by cyber threat information.
In the U.S., the top two consequences organizations experienced as a result of being breached in the last 12 months were operational downtime (39%) and financial loss (38%).
The U.S. is the most likely to report (71%) having an official BYOD policy that is enforced across all employees, far higher than the global average (54%).
Global
61% of global organizations confirmed they had been breached at least once over the last 12 months, with 31% experiencing multiple breaches during the same period.
On an average business day, 55,686 physical and virtual assets are connected to organizational networks. Global respondents shared that only 60% of these assets are monitored on average, leaving 40% unmonitored.
Just under half (45%) report using 10 or more different sources to collect data relating to threat intelligence. On average, only 58% of the information gathered is actionable, leading to 29% of respondents saying their cybersecurity team is overwhelmed by cyber threat information.
Three-quarters (75%) of global respondents say employees are downloading shadow IT to connected assets in the work environment at least some of the time, with a quarter (25%) reporting that this happens all the time.
On average, global respondents indicated their organizations use 11 different tools to manage network-connected assets, while 44% admit to still using manual spreadsheets.
Attack Surface Management Organization Trends and Challenges
Around the world organizations are facing unprecedented cyber risk due to blind spots in their environment with security teams overwhelmed with threat intelligence data which lack actionable insights. 61% of global organizations confirmed they had been breached at least once over the last 12 months, with 31% experiencing multiple breaches during the same period.
In May 2023, Armis surveyed 900 IT security and IT decision makers of large global enterprises in the U.S., UK, France, Germany, Singapore, Australia and New Zealand seeking to understand the key challenges they faced managing their ever-changing attack surface.
This interactive site will drill down into country level responses to show the trends seen around the world, what impacts breaches have had on organizations and the challenges they have. Armis provides recommendations to businesses on what they need to do to address them.