A Benchmark Survey of Security Professionals in the U.S., U.K., and Asia-Pacific Regions

The Current State of Security Maturity

Many companies are focused on growing their security maturity — part of that growth is establishing a security operations center (SOC) within their organization. Special threat detection programs can be another indicator of security maturity. More than 70 percent of decision makers have programs in place to detect specific threats such as ransomware, insider or employee threats, and denial of service attacks. For those organizations that currently lack a formal SOC, most plan to add one within the next two years.

Team size is another important indicator, as it can provide insight into an organization’s commitment to a well-staffed security program. In this survey, on average, respondents said they employ 12 cybersecurity professionals in their organization. More than half indicated that they employ 10 or fewer professionals on their teams. A huge majority of IT decision makers — 95 percent — use security software to prevent and react to threats. More than a quarter deploy more than 10 security software solutions to manage security threats.

The purpose of this study was to determine the cybersecurity perceptions and practices among organizations in the United States, United Kingdom, and AsiaPacific regions.

The results of this report are from an online survey of 751 IT decision makers who indicated that cybersecurity was part of their responsibilities. Of these respondents, 250 came from the United States, 250 from the United Kingdom, and 251 from the Asia-Pacific region. The Asia-Pacific region was represented by decision makers in Australia, Singapore, Hong Kong, and Malaysia.

These respondents indicated they were employed in mid- to large-sized companies (minimum 500+ employees).