Cisco Annual Security Report reveals a decline in defender confidence

The Cisco® 2016 Annual Security Report released today, which examines threat intelligence and cybersecurity trends, reveals that only 45 percent of organizations worldwide are confident in their security posture as today’s attackers launch more sophisticated, bold and resilient campaigns.
While executives may be uncertain about their security strength, 92 percent of them agree that regulators and investors will expect companies to manage cybersecurity risk exposure. These leaders are increasing measures to secure their organizations’ future, particularly as they digitize their operations.
The report highlights the challenges businesses face due to the rapid advancements of attackers. Hackers increasingly tap into legitimate resources to launch effective campaigns for profit-gain. Additionally, direct attacks by cybercriminals, leveraging ransomware alone, put $34 million a year per campaign into their hands. These miscreants continue to operate unconstrained by regulatory barriers.
Businesses are up against security challenges that inhibit their ability to detect, mitigate and recover from common and professional cyberattacks. Aging infrastructure and outdated organizational structure and practices are putting them at risk.
The study sounds a global call-to-arms for greater collaboration and investment in the processes, technologies and people to protect against industrialized adversaries.
Top Research Findings

  • Decreasing confidence, increasing transparency: Less than half of businesses surveyed were confident in their ability to determine the scope of a network compromise and to remediate damage. But, an overwhelming majority of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cybersecurity risk. This points to security as a growing boardroom concern.
  • Aging infrastructure: Between 2014 and 2015, the number of organizations that said their security infrastructure was up-to-date dropped by 10 percent. The survey discovered that 92 percent of Internet devices are running known vulnerabilities. Thirty-one percent of all devices analyzed are no longer supported or maintained by the vendor.
  • SMBs as a potential weak link: As more enterprises look closely at their supply chain and small business partnerships, they are finding that these organizations use fewer threat defense tools and processes. For example, from 2014 to 2015 the number of SMBs that used web security dropped more than 10 percent. This indicates potential risk to enterprises due to structural weaknesses.
  • Outsourcing on the rise: As part of a trend to address the talent shortage, enterprises of all sizes are realizing the value of outsourcing services to balance their security portfolios. This includes consulting, security auditing and incident response. SMBs, which often lack resources for an effective security posture, are improving their security approach, in part, by outsourcing, which is up to 23 percent in 2015 over 14 percent the previous year.
  • Shifting server activity: Online criminals have shifted to compromised servers, such as those for WordPress, to support their attacks, leveraging social media platforms for nefarious purposes. For example, the number of WordPress domains used by criminals grew 221 percent between February and October 2015.
  • Browser-based data leakage: While often viewed by security teams as a low-level threat, malicious browser extensions have been a potential source of major data leaks, affecting more than 85 percent of organizations. Adware, malvertising, and even common websites or obituary columns have led to breaches for those who do not regularly update their software.
  •  DNS blind spot: Nearly 92 percent of “known bad” malware was found to use DNS as a key capability. This is frequently a security “blind spot” as security teams and DNS experts typically work in different IT groups within a company and don’t interact frequently.
  • Time to detection faster: The industry estimate for time to detection of a cybercrime is an unacceptable 100 to 200 days. Cisco has further reduced this figure from 46 to 17.5 hours, since the 2015 Cisco Midyear Security Report was released. Shrinking the time to detection has been shown to minimize cyberattack damage, lowering risk and impact to customers and infrastructures worldwide.
  • Trust matters: With organizations increasingly adopting digitization strategies for their operations, the combined volume of data, devices, sensors, and services are creating new needs for transparency, trustworthiness, and accountability for customers.

For a complete copy of the 2016 Cisco Annual Security Research report, and to read more about Cisco’s recommendations as to what businesses can do to mitigate against risk, click here.
About the Report
The Cisco 2016 Annual Security Report analyzes the most compelling trends and issues in cybersecurity from Cisco security experts on the advances made by both the security industry and by the criminals hoping to break through security defenses. In addition, the report highlights key findings from Cisco’s second annual Security Capabilities Benchmark Study, focused on security professionals’ perceptions of the state of security in their organizations. Geopolitical trends, insights into perceptions of cybersecurity risk and trustworthiness, and the tenets of an Integrated Threat Defense round out the report.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

ASSA ABLOY - securitybuyer.com

BG100 Speedgate Recognised with Red Dot Award

Combining an Aesthetically Appealing Design, Function and Innovation, the BG100 Speedgate Sets New Benchmark for …
Product Spotlight - Videx - securitybuyer.com

Product Spotlight – Era Series

VIDEX presents its new series of outdoor compact video door entry systems, Era Series, and showcases their durability, configuration…
Zenitel LinkedIn Live

REGISTER NOW: Dynamic Audio Technology with Zenitel

Security Buyer Live is proud to announce an exclusive webinar session with Wim van Winghe, Senior Vice President EMEA at Zenitel..
Security Buyer Carousel

June Edition of Security Buyer available in library

The June edition of International Security Buyer is available in the Security Buyer library. This issue marks a pivotal moment in 2025…
Christina Alexander Judge - SecurityBuyer

Christina Alexander Announced as Security Buyer Awards Judge

Security Buyer is proud to announce Christina Alexander as the latest addition to the distinguished judging panel for the Security…
ASSA ABLOY SMARTair - Security Buyer

More flexible management of Gen-Z student accommodation

Almost everyone attending university for the first time is now a digital native. They expect the convenience…
SB Awards register now advert - Security Buyer

Launching Security Buyer Awards

Honouring innovation, leadership, and success across the global security industry at the Security Buyer Judges’ and Readers’ Awards 2025 
Product Spotlight - HID

Product Spotlight – HID

Access control is evolving into a smart, responsive platform—integrating embedded apps, IoT, and cybersecurity to deliver…
Sophos

Sophos Enhances Protection and Incident Response

Sophos announces an update to its Sophos Firewall, now including Sophos NDR Essential, which is free for all customers with an…
Dallmeier

Tenerife Airport relies on video technology

Tenerife Norte-Ciudad de La Laguna Airporthas significantly improved its safety by installing state-of-the-art video technology..
Scroll to Top