Netwrix Research Lab conducts industry surveys among IT pros worldwide to discover up-to-date interests and granular trends' analysis of the industry
Netwrix asked 720 IT pros all over the world how they assess vulnerabilities in their IT infrastructure. The survey found that most companies invest in vulnerability assessment primarily to be proactive rather than to ensure compliance. We also asked what they appreciate most about the solutions they already use or would like to implement.
of organizations have a vulnerability assessment tool, either deployed internally or provided as a third-party service
said the primary reason for purchasing the tool was the need for proactive security measures
of respondents said they would consider changing to a new solution if it would reduce the volume of false positive alerts
The year 2020 ushered in an era of deep disruption and adaptation. As the sky fell, sysadmins were the ones battling to hold it up. To celebrate Sysadmin Day 2021, we surveyed 732 sysadmins from a variety of organizations worldwide to learn how the exceptionally weird year affected them and their organizations. We also asked about their most precious desires and dreams. This special report details what we discovered and celebrates the power and resistance of sysadmins, the very heart of the IT force!
of sysadmins report that the amount of time they spend working increased since last year.
admit that remote work diverted their attention away from security tasks.
say their life would be easier if users would stop clicking on suspicious links or attachments.
In 2020, many organizations quickly adopted cloud technologies to support the sudden shift to remote work. We have revised our annual Cloud Data Security Report to reflect these unprecedented changes, using a global survey of IT professionals. This report will help organizations benchmark their security efforts against their peers and better understand the threats to data stored in the cloud.
of organizations that store customer data in the cloud had security incidents in the past 12 months.
of respondents report that data theft by hackers led to customer churn and loss of competitive edge.
of CISOs say that business pressure for rapid digitalization, transformation and growth distracts them from data security.
We have asked 937 professionals about how the pandemic changed the IT risk landscape. The study revealed that every fourth organization believes they are at greater cybersecurity risk now than before the pandemic. The most common incidents reported since transition to remote work were dependent on the human factor and included phishing, admin mistakes and improper data sharing by employees.
of CISOs admit they sacrificed cybersecurity to quickly enable employees to work remotely.
of organizations reported at least one phishing attack during the first three months of the pandemic.
of respondents suffered a ransomware or other malware attack since transition to remote work.
We have asked 937 professionals about how the pandemic forced them to change their IT priorities. The study showed that the IT skills shortage requires organizations to prioritize investment in IT staff education. Network and data security tied for the top slot, owing to the rapidly growing remote workforce.
of organizations named data and network security as their top IT priorities for the rest of 2020.
of public institutions plan to focus on digital transformation, up from 26% prior to the pandemic.
of organizations plan to educate IT personnel. Pre-pandemic, only 19% had it on their list.
Organizations are investing more than ever in cybersecurity, yet data breaches are increasing in both number and size. The survey revealed that while security professionals successfully mitigate security issues at some of the six stages of data lifecycle, they often overlook other stages, leaving their organization’s content vulnerable. In addition, they generally know very little about what data they have, how sensitive it is, where it is stored, and who has access to it. Both factors prevent them from efficient data security.
of organizations that are subject to the GDPR collect more customer data than the law permits.
of organizations ignore the security best practice of reviewing access rights to data on a regular basis.
of CIOs don’t have cybersecurity and risk KPIs that are regularly reported to their executives.
The demand for IT support keeps growing, and many IT professionals have to juggle ongoing digital transformation and unresolved operational issues, and ensure their organizations are secured against cyber threats. We have asked 1045 professionals to name their top five IT projects for the next year.
of organizations named data security as their top IT priority for 2020.
of respondents plan to focus on automating manual tasks.
of organizations will educate IT personnel or acquire talents.
With compliance regulations growing tighter and data privacy taking center stage, in this year’s report we focused on data security in the cloud. We asked organizations about the kinds of data they store in the cloud, their top concerns about securing that data, the incidents they have experienced and their future plans for storing data in the cloud.
of organizations store PII of customers and employees in the cloud, unlike financial data and intellectual property.
of organizations that do not classify customer PII stored in the cloud experienced at least one security incident in the past year.
of organizations couldn’t identify who was actually at fault for a security breach, compared to 6% in 2018.
For our third annual IT risks survey, we decided to completely revamp our approach and make an in-depth study of six major IT risks that are significant for most organizations. The research revealed a vivid discrepancy between organizations’ expectations and reality. For most companies insiders, who make mistakes, are more dangerous than hackers.
of respondents do not know what their employees are doing with sensitive data.
of respondents re-evaluate their IT risks at least once a year.
of organizations have an actionable incident response plan.
The results of the 2018 edition of the annual Netwrix customer survey are now available. You’ll learn which problems Netwrix Auditor helps customers solve and what results they have been able to achieve. You’ll also find out why they were shopping for a solution in the first place and how satisfied are they with the choice they made.
of our customers say that the primary reason for choosing Netwrix Auditor was its functionality.
of respondents are able to detect anomalous user activity before it leads to a security incident.
of respondents state that Netwrix Auditor is a strategic investment that helps them improve overall security.
Together with flexibility and cost savings, cloud technology has also brought new security challenges and risks. They may vary depending on how much the cloud is used for storing sensitive assets, how heavily regulated the industries are, how experienced the cloud customer is and other factors. Nevertheless, security remains a major concern for cloud users.
This report is based on the data received for the 2018 Cloud Security Report but is segmented by
industries and regions to provide detailed overviews of the current state of cloud security in various
groups of participants as well as their plans to improve it.
of health care and government entities are concerned about malware, though it is the number two concern for all industries surveyed.
of educational institutions perceive their own employees to be the biggest threat to cloud security, which is the largest share among the industries surveyed.
of North-American and European organizations have chosen to improve employee training in order to strengthen cyber security.
Analysts predict that customers are going to be responsible for the vast majority of cloud security failures. The third annual Cloud Security Report reveals how far our respondents are ready to go with cloud adoption, whether they trust the cloud enough to store sensitive data there, and how they protect data in the cloud.
of organizations store sensitive data in the cloud; mostly it consists of customer, employee, financial and sensitive business data, as well as intellectual property.
of organizations share the opinion that employees represent the biggest risk to cyber security.
of organizations blame their own IT users for security incidents in the cloud.
The report provides an in-depth study of what organizations do to minimize various IT risks in security, compliance and operations. It complements and completes the 2017 IT Risks Report by focusing on various industries, organizational sizes and regions.
of financial organizations do not have a separate cyber-security function.
of manufacturing companies have zero visibility into mobile devices, despite the wide use of mobile devices for work purposes.
of healthcare organizations are fully aware of what is happening in their databases
With the 2017 IT Risks Report, Netwrix continues to analyze how organizations are working to combat various IT risks. The report is based on a survey of IT pros concerning the IT risks they deal with on a daily basis, the processes and resources they have in place to address those risks, and how prepared they are for today’s cyber threats. Key findings presented in the report include:
of organizations have experienced security incidents, due mainly to malware and human errors.
of organizations had operational issues, which were most frequently caused by accidental, incorrect or malicious user activity.
of respondents had compliance issues, mostly due to their inability to provide proof of compliance or quickly find required data.
Our annual customer survey provides insight into how organizations improve their security and compliance processes, as well as the efficiency of their everyday IT operations, with Netwrix Auditor. It also offers valuable first-hand feedback about real-life use cases and the benefits companies get with the software.
of customers perform routine tasks faster.
of surveyed organizations maintain security policies more efficiently.
of respondents have simplified and accelerated preparation for IT compliance audits.
The Netwrix 2016 Cloud Security Report offers insight into how cloud challenges and benefits have evolved since 2015. We survey how cloud adoption has impacted cyber security, what poses the largest threat to data security in the cloud and whether organizations are ready to embrace the cloud fully.
of organizations use the cloud today, while in 2015, only 43% did.
of organizations are concerned about the security and privacy of data and systems in the cloud.
of organizations see their own employees as the biggest threat to data security in the cloud.
The 2016 Netwrix Visibility Report explores whether organizations have visibility into various elements of their IT infrastructures and whether visibility helps organizations to succeed in ensuring they have control over their IT environments and in mitigating various risks, including insider threats. The report also reveals how organizations worldwide perceive that the current state of visibility will change in the near future.
of technology users claim to have zero or partial visibility into their cloud and hybrid environments.
of respondents are either not aware or only partly aware of what is happening to their unstructured data and file storage.
of organizations do not have complete visibility into user, IT staff and third-party activity in their IT infrastructures.
The 2016 IT Risks Report unveils how IT changes influence various cyber risks and how well organizations are prepared to beat them. We explore current IT auditing tendencies, whether organizations have relevant IT controls and visibility into IT environments to mitigate cyber risks.
of organizations experienced security incidents that involved malicious activity.
of surveyed companies had operational issues caused by malicious, incorrect, and unauthorized IT changes.
of respondents had compliance issues due to lack of visibility into IT changes.
SIEM solutions are considered to be advanced mechanisms for improving security for any enterprise. At the same time, SIEM systems have certain limitations that make them inefficient without additional investments in technology and personnel, which in turn significantly increase the total cost of SIEM ownership.
Netwrix studied the opinions of IT pros who use SIEM solutions for security and IT infrastructure monitoring. The purpose of the survey was to find out what bothers IT pros the most about their existing SIEM solutions and what ways they see to leverage their SIEMs.
of companies want to reduce SIEM expenses.
of respondents say it's hard to find necessary data upon request in SIEM solution.
of IT pros strengthen their SIEM through integration with IT auditing solution.
A top-notch user experience has always been one of the main business goals for customer-driven companies. This survey was undertaken to gain a better insight into customer feedback, identify the most popular use cases and make sure that customers achieve positive results with Netwrix Auditor. Our goal to further improve our offer and meet customers’ needs and expectations.
of customers pass compliance audits faster.
of respondents are able to better maintain security policies.
of IT pros have significantly reduced time-consuming routine tasks.
Cloud technology is gaining increasing attention from businesses looking for technological innovations to optimize expenses and operations. The cloud offers modern businesses different advantages, such as scalability, global availability, streamlined operations, and reduced costs.
However, like any other immature technology, the cloud has flaws. The most common concern associated with the cloud is its security. We have decided to explore this problem to find out what IT professionals think of cloud adoption, how critical the security issue is for these professionals and how this issue impacts the entire decision-making process.
of surveyed IT pros indicated that data security is their number one concern associated with the technology.
of companies are afraid that migration to the cloud will increase risks of unauthorized access.
of enterprises perceive continuous auditing of cloud infrastructure as a very important part of security guarantees.
In light of the wave of data breaches affecting diverse companies we decided to continue researching into how companies deal with IT changes and initiated a second survey to find out how massive security breaches and violations of compliance standards have changed the organizations’ attitudes toward change management.
IT professionals answered questions about change management controls in their organizations and shared some insights about how these policies worked in the real world. The main question that intrigued us was whether companies became more proactive in achieving visibility into their IT infrastructures, and therefore became more successful in strengthening security and ensuring system uptime.
of surveyed IT pros stated they from time to time make undocumented changes, against 57% in 2014.
of enterprises have established change auditing processes to monitor their IT infrastructures, against 52% in 2014.
of small companies have started to track changes despite the lack of change management controls, against 30% last year.
Security has always been a hot topic, especially for large companies that solve this issue with deploying SIEM solutions, which is a bold step toward delivering visibility to cyber security posture. SIEM solutions allow you to look into security logs and gather information that helps manage user and service privileges, as well as identify and report on security threats and suspicious activity.
This survey was meant to find out how IT professionals are leveraging their SIEM to provide visibility across the entire IT infrastructure and how this helps them strengthen IT security.
of surveyed IT pros stated that they have encountered security violations of their IT infrastructures.
of SMBs make little effort to ensure security of their IT infrastructures and struggle to monitor changes.
of IT professionals admitted that deploying a SIEM solution didn’t prevent security incidents from happening.
Changes to critical IT systems are a daily part of any IT organization’s ability to meet the constant barrage of requests for improved, faster and more efficient services. Without any means to track what has changed, an IT organization has little ability to know what change was the root of a data breach or what caused a system to stop functioning properly.
The report provides an idea of how organizations today see the impact of changes made, the use of change auditing and the methods and processes intended to maintain security and system availability.
of surveyed IT pros have made changes that caused services to stop.
of IT professionals have made a change that was the root cause of a security breach.
of companies have little or no real ability to audit the changes made, revealing serious gaps in meeting security best practice or compliance objectives.