A common refrain among security professionals goes like this. There are two kinds of companies in the world: those that know they’ve been hacked, and those that have been hacked and don’t yet know it.
CyberEdge, a small security consultancy based in Annapolis, Md., adds a third, middling category to the mix: those that expect to be hacked soon. According to the firm’s research, that camp of the reluctantly resigned is quickly growing.
At the end of last year, the firm polled 814 key IT security professionals across 19 industries in seven countries spanning North America and Europe. It then released the results in a report bound with a hoodie-donning Grim Reaper-type on the cover page. (Looks sort of like a Nazgûl-styled startup bro.) The ominous image sets the survey’s tone: Prepare for grim results.
“Confidence is falling,” bemoans the press release accompanying the survey, now in its second year, “with the majority of respondents expecting to be breached in the next 12 months, despite all of their efforts.”
The year’s digital security outlook doesn’t exactly inspire hope: The survey found that 52% of respondents believe they’ll “likely” be hit by a successful cyber attack this year, up from 39% last year. And even more respondents, 71% of them, admit that they fell victim to a successful cyber attack in the prior year.
Surely, a lot has happened lately to deflate everyone’s expectations of security: a string of high-profile hacks, humps, and hooplas, besieging the cyber space of retailers, movie studios, banks and others. Throwing money at the problem is not necessarily making things better either. Confidence continues to slump even as 62% report rising IT budgets, compared to 48% last year. (Lack of investment in security is still cited as one of the defenders’ main hurdles, along with low security awareness among employees and an unwieldy overabundance of data.)
The findings are marketed as a “complimentary report.” CyberEdge’s study isn’t as rigorous as, say, the tome that Verizon releases each year—its annual data breach investigations report, a bible of the security community. But the poll does offer a useful glimpse at the perceptions of those protecting computer networks.
In short: More attacks, less confidence. That’s not all too surprising. (And it certainly befits the interests of the security firms who sponsor the report as they, of course, would love to sell their products. Again, note the spooky silhouette on the cover.)
Beyond the somewhat sobering top-line findings, the most surprising part of the survey in Fortune’s view is that nearly a quarter of respondents reported that they think a successful cyber attack is “not likely” in the next 12 months. After so many other companies have been clobbered with breaches, it’s almost hard to believe such a bastion of self-assurance holds out.
Guess they’ve got some tough passwords.