Cybersecurity FutureWatch 2018...introduces significant business risk. These emerging technologies, such as cloud, IoT and artificial intelligence, constantly evolve, and place a double

Cybersecurity FutureWatch 2018SECURITY MUST EVOLVE TO MATCH ACCELERATING PACE OF EMERGING TECHNOLOGY ADOPTION

02

Table of Contents

Executive Summary

Key Drivers

Current Landscape

Security Maturity

Risk Review

Future View

Methodology

03

04

06

09

11

13

15

KEY FINDINGS

• Only 30 percent of respondents are confident their business will avoid a major security event in the coming two years.

• Respondents identified that operational disruption and reputational damage are more concerning than regulatory penalties should a

significant security event occur.

• Firms using proactive and predictive security approaches reduced

their risk profile by 30 percent.

• 55 percent of respondents are actively planning to replace their

incumbent MSSP providers.

• 72 percent of respondents are currently using or plan to deploy cloud services.

• Firms are adopting threat detection and response, identity access management and cloud security services to support a boom in the

adoption of emerging technologies.

A firm’s participation in higher-risk industries and, in conjunction, its adoption of emerging technologies creates a

measurable risk profile. IT teams are often trapped in the innovator’s dilemma of meeting business demands through

the adoption of new technologies. But, they also are held accountable for the risks and damaging costs associated

with the exploitation of emerging technologies like IoT, cloud-based services and artificial intelligence.

Line of sight from the IT team to the board provides the greatest vantage point to risk identification, coupled with risk

mitigation in the form of budget and resources. Firms with lower multiple-hop reporting structures and limited board

visibility often struggle to articulate security risks and the required resources to mitigate those risks, leaving the firm

with greater vulnerability to cyberattacks.

Security maturity and the willingness to leverage industry-best security services can offset the risks associated with

threats, such as external attacks and insider risks. Companies that are mature in their cybersecurity approach also

can meet the demands of internal risk management programs, report and demonstrate value to senior management,

and meet client and regulatory requirements.

Firms that rely solely on prevention technologies and managed security service providers (MSSPs) offering device

management services, are more susceptible to a broad spectrum of risks. They struggle to demonstrate value to

fiduciary officers and show a strong willingness to switch vendors.

On the other hand, companies that adopt a more proactive and predictive security model are freed from the “catch-

up” adoption gap of traditional security approaches. They can adapt to new technologies, while assuring security

measures that meet legal requirements of the firm’s officers and board.

Cloud-based services simultaneously introduce risk into an organization, but also offer industry-leading security

services in either full cloud or hybrid models. Firms that adopt cloud-based security report lower risk and higher

management and scalability capabilities.

03

METHODOLOGY

This report highlights responses

from more than 1,250 senior

executives, management and

security practitioners located

in the United States, Canada

and the United Kingdom. Those

surveyed predominately hold

titles of vice president of IT, CIO,

CISO/CSO, CFO and CEO, and

are responsible for direct buying

decisions. This primary research

was conducted by FastForward

Strategix Research in June 2018.

Cybersecurity FutureWatch 2018, © eSentire, October 2018

EXECUTIVE SUMMARY

04Cybersecurity FutureWatch 2018, © eSentire, October 2018

KEY DRIVERS

KEY FINDINGS

• 60 percent of firms believe an attack will hit in the next few years.

• 77 percent of CEOs and boards are optimistic in their firm’s ability to cope with a breach, but only 33 percent are confident that high-value assets are adequately protected.

• Fiduciary line of sight to security is at an all-time high with over half of boards familiar with security spend, strategy and cyber risks.

• 60 percent of firms rank operational disruption as the top concern, well above the 43 percent who indicate a significant security event as a top concern.

While the adoption of emerging technology can provide a competitive advantage, deploying newer technologies

introduces significant business risk. These emerging technologies, such as cloud, IoT and artificial intelligence,

constantly evolve, and place a double burden on the IT department. The IT department is also held accountable for

business disruption due to an expanded threat surface resulting from these new technologies, and ever-increasingly

sophisticated and creative attacks.

EMERGING TECHNOLOGIES POSE THE LARGEST SECURITY RISK

The majority of organizations actively adopt emerging

technologies, with cloud leading the charge (72 percent),

followed by mobile applications (53 percent), big data

analytics (52 percent), IoT/IIoT (49 percent) and artificial

intelligence (44 percent).

While cloud services top the adoption chart, the overall risk

posed by cloud over the next three years drops by nearly 20

percent; whereas, the risks posed by the adoption of artificial

intelligence doubles over the next three years, and IoT/IIoT

risks also rise nearly 30 percent. With cloud now in its second

decade, companies are adopting more mature and proven

methodologies to secure cloud. This is not the case with IoT

where the adoption curve is outpacing the development of

suitable security practices and solutions.

Cloud leads technology adoption over the next six months

Which technologies pose the greatest risk today and in three years

Cloud

Mobile Apps

Big Data

Social Media

20% 40% 60% 80% 100%

IoT / IIoT

AI

BYOD

Cloud Mobile Apps Big Data Social Media

Today

In 3 Years

10%

20%

30%

-11%

-12%

0%

-18%

+9% +25%

+2%40%

50%

60%

IoT / IIoT AI BYOD

05

MAJOR CYBER ATTACK: WHEN, NOT IF

Unanimously, business leaders such as the CEO, board members and

technical executives (CIO) alike predict a major cyber attack in the next

two – five years. Over 60 percent of respondents assume a major event

will occur. Interestingly, 77 percent of CEO and board respondents

consider their organization prepared for such an event. As expected,

technical leaders are approximately 20 percent more likely to predict

an attack and are 10 percent less optimistic than their business peers in

their organization’s preparedness.

CYBERSECURITY IS A BUSINESS OPERATIONS ISSUE

Operational disruption (66 percent), reputational damage and significant financial losses (54 percent) lead

regulatory penalties (40 percent) as top consequences of a major security event. This trend away from mandated

self-government to a more business integrity focus is also reflected in a shift from compliance-centric security to

newer strategies that detect active attacks, and reduce the risk of a business-altering outcome.

Results also indicate that the adage, “the CISO is the

least interesting person to the board, until they are

the most important person” is a thing of the past. Over

half of respondents indicate their board is very familiar

with the security budget (51 percent), overall strategy

(57 percent), policies (58 percent), technologies

(53 percent), and currently review current security and

privacy risks (51 percent). These numbers increase into

the 90th percentile when considering boards that are

somewhat familiar.

Moreover, line of sight from the CISO to the board is more direct. Forty-five percent of security officers

report to the board or CEO, 33 percent continue to report to the CIO and a small handful (10 percent) report to

a privacy or data officer.

THE CYBER ATTACK PREPAREDNESS PARADOX

Business leaders show a majority confidence in their ability to

manage a major security breach, yet when asked in detail about

their preparedness a quite different picture emerges. Only a third of

respondents are confident that their cybersecurity programs match

that of their peers (33 percent), that their security teams have access

to the appropriate resources (30 percent), and that the organization

is spending adequately on security (29 percent). Similar confidence

rates are associated with the organization’s ability to monitor and

report on cybersecurity programs (34 percent), confidence that

cybersecurity programs align to business objectives (33 percent), and

that high-profile assets are adequately secured (33 percent). In fact, 29

percent of respondents indicated that their high-value or high-profile

information is not adequately protected.


Executives expect and feel prepared for a major cyber attack

Top risks of a cybersecurity event

Reporting detailed cybersecurity preparedness

Expect a major cyber attack in the next five years

Executives that feel prepared for a cyber attack

Operational Disruption

Adequate Spending

Appropriate Resourcing

Match Peer Programs

Reputational Damage

Ability to Report

Financial Losses

Align to Business Goals

Regulatory Penalties

Assets Are Protected

10%

10%

30%

30%

40%

20%

20%

50% 60% 70%

06

KEY FINDINGS

• 64 percent of security budgets are set to rise in 2019, with only five percent predicting a reduction in spend.

• In 2017, companies spent between $110,000 and $750,000 on security.

• A 45 percent customer loyalty rating implies a majority dissatisfaction with incumbent security vendors.

• Emerging technologies pose a significant risk, with cloud-based risk leading at 72 percent.

BUYING IS STILL REACTIONARY

Regulatory requirements (41 percent)

are no longer the singular driver for

companies to implement security posture

changes. A major technology purchase

(41 percent) driven primarily by the use

of emerging technology like cloud, IoT,

mobile apps and artificial intelligence,

is closely followed by the ever-present

security event or near miss (40 percent),

and budgeting cycle (40 percent).

These four drivers scored nearly equal

and all, with the exception of budget

planning, can be seen as externalities

that cause an reactionary response to

a security program.

SPENDING CONTINUES TO INCREASE

Not surprisingly, 64 percent of respondents predict a year-over-year increase in security budgets; while only five

percent predict a reduction. The average firm spent $1 million – $2.5 million on information technology, with one-

third spending more than that. The majority of firms spend 11 – 30 percent of that budget on security, with a wide

spending range between $110,000 and $750,000.


CURRENT LANDSCAPE

Primary drivers of new security initiatives

Budget Planning / Project Prioritization

Requirement of New Client

Enterprise Risk Assessment and Action Plan

Regulatory Requirement

Major Technology Purchase

Security Event or Near Miss

Data Breach

10% 20% 30% 40% 50%

Audit Event

M&A Event

New CEO

Security budget predictions

Expect an increase in security budget year-over-year Average percentage of budget spent on security

11% 30%

07

CLOUD ADOPTION LEADS THE CHARGE

On average, 72 percent of surveyed respondents are currently using cloud services or plan to deploy cloud services

in the next six months, with financial services, manufacturing and healthcare leading the adoption rate. Mobile

applications (53 percent), big data analytics (52 percent), IoT/IIoT (49 percent) and artificial intelligence (44 percent)

round out the top five. Only law firms lag in their adoption of cloud services (55 percent), equalling 24 percent less

than others on the cloud adoption journey.

Risk associated with emerging technologies becomes more concerning as adoption rates accelerate, compressing

the time in which organizations and vendors can adapt and develop appropriate security controls and deploy

protective solutions. Artificial intelligence and IoT/IIoT illustrate this growing problem. While cloud adoption is in its

second decade, AI and IoT/IIoT will likely catch up in three years. This diffusion of innovation leaves a small margin in

which to mitigate the potential risk resulting from these new technologies.

SECURITY ADOPTION PRIORITIES MIRROR EMERGING TECHNOLOGY

Cloud security adoption tops the list of priorities at 50 percent, followed closely by identity and access management

(47 percent), threat detection and response (44 percent) and endpoint detection and response (41 percent). Security

Information and Event Management (SIEM) moves beyond a compliance tool and now plays a role in the greater

detection and response portfolio.

Telecom, information technology, financial

services and manufacturing outpace other

industries on securing their cloud services (56

percent). Financial services, healthcare and

manufacturing also emphasize threat detection

and response investments (48 percent). These

industries are equally investing in identity and

access management as a response to a more

distributed workplace. Law firms are 24 percent

less likely to adopt these technologies.


Top security adoption priorities

The pace of technology adoption is increasing by 2.25 times

Cloud Security

Diffusion of Innovation

12 Years

11 Years

7 Years

4 Years

Laggards 16%

Late Majority

34%

Early Majority

34%

Early Adopters

13.5%Innovators

2.5%AWS introduces S3

Apple introduces iPhone

Tensor Flow released

McKinsey Predicts Data Scientist shortage by 2018

# of mobile devices and machines exceeds world population

3 Years

Identity and Access Management

10% 20% 30% 40% 50%60%

Threat Detection and Response

Endpoint Detection and Response

Security Information and Event Management

Time Today

2006

2007

2011

2014

2015 AI

IoT

Big Data and Analytics

Mobile Apps

Cloud Computing

08

BRAND IS BOTH A BLESSING AND A CURSE

When it comes to selecting an on-premises security vendor, technical capabilities (63 percent) outweighed vendor

loyalty (44 percent) or price and total cost of ownership (44 percent). The buying priorities and decision drivers

when selecting a managed security services vendor varied from this trend where technical capabilities was

tied for third with total cost of ownership (39 percent each). In the case of MSSP contracting, brand (50 percent)

and ability to deliver full response to events, including detection, containment and resolution (50 percent)

were the key decision drivers.

Loyalty to these managed service vendors is perhaps

the most concerning finding in the report. Pre-existing

relationships accounted for one-third of purchases.

And, more than half (55 percent) of the respondents are

willing to consider switching from their primary managed

security vendor. In other words, managed security

service providers (MSSPs) can only muster a meager 45

percent customer loyalty rating. This is a disturbing number considering 90 percent of respondents use an MSSP

or plan to use some form of security service vendor within a year, and might explain the two-year downward trend

in firms basing their security programs

on a managed service provider.

The use of MSSPs to provide either prevention technology management or basic compliance reporting is

predicted to drop 24 percent collectively over the next two years. Security outsourcing in the next two years

puts emphasis on building out proactive threat hunting and predictive response capabilities, with these areas

showing a 24 percent predicted growth over the coming years. Moreover, respondents using managed services

to provide predictive response are the least likely to switch from their incumbent vendor, which implies a

higher loyalty rating.


Customer loyalty to incumbent MSSP vendors

09

As noted earlier in this report, respondents see a correlation between security maturity and susceptibility to risk,

appetite to adopt emerging technologies, and willingness to blend contracted services to augment in-house

capabilities.

KEY FINDINGS

• Firms using proactive and predictive approaches reduced their risk profile by 30 percent.

• More mature firms are faster to adopt threat detection and response, identity access management and cloud security services to support a boom in the current adoption of cloud-based services (77 percent), mobile applications (60 percent), and IoT (five percent).

• More mature firms aggressively leverage SaaS and are 35 percent more likely to adopt 100 percent cloud-based security services than firms using a device-centric model.

One way to classify this change is to think of three levels of advancement in risk management. Unlike traditional

maturity models designed to codify a range of expected capabilities and practices across core functions of

cybersecurity, the Disruptive Security Maturity model (DSMM) takes more of a macro view to assist companies in

quickly and easily identify their evolutionary stage of security. This is meant to assist companies in zooming out from

the technology treadmill and daily activities like patch warfare to easily take stock of their maturity level.

Firms that rely solely on prevention technology and MSSPs providing device management services are more

susceptible to a broad spectrum of risks. Firms that have established a proactive or predictive security model

leverage threat intelligence, machine learning, and device analytics to identify never-before-seen threats and have

near real-time response capabilities to reduce the risk of a business-altering event.

MOVING FROM COMPLIANCE TO BUSINESS INTEGRITY

At a macro level we have witnessed security approaches move through

three distinct stages of focus: device-focused, alert-focused and

threat-focused. This research shows a market transition from

regulatory and compliance-driven security focused on reactionary

response with tit-for-tat prevention technology, to a later stage

driven by the need to maintain business integrity and continuous

operations through proactive and predictive threat management.

Over 50 percent of respondents identified their primary

security posture as leveraging prevention technology or device

management. This number is predicted to drop to 32 percent in two

years. As organizations move along the evolutionary curve, the 17

percent of respondents leveraging proactive hunting or predictive

response today will more than double to 40 percent over the next

two years. The trend is consistent across all industry segments with

financial services and healthcare services leading the charge and

law firms lagging behind.

SECURITY MATURITY


Prevention Technology

Device Management

Compliance Management

Alert Monitoring

10% 20% 30%

Proactive Hunting

Predictive Response

Technology maturity today and in two years

Today In 2 Years

This trend certainly correlates with the shift in business drivers away from regulatory dominance toward business-

centric considerations such as operational disruption, reputational damage, and, of course, financial losses.

For decades the security industry focused on prevention technology designed to stop various attacks from

hitting their mark, but that approach was woefully inadequate. As devices grew in number and complexity,

and few replaced their predecessor, the demand on security teams increased in terms of patch and policy

management. This friction created the demand for outsourced management and log aggregation, and managed

security services were born. In most cases, MSSPs were more about devices and post-event aggregation of

logs and reports.

Heavily regulated industries also grappled with compliance requirements which created the first generation

of log management tools, such as SIEM. This compliance 1.0 stage advanced the industry from device-centric

thinking, to a focus on logs and alert management to satisfy external parties such as regulators and state or

federal agencies. Compliance and security overlapped to some degree, but were not synonymous.

The most recent evolutionary 2.0 stage to emerge focuses on full life-cycle threat identification and containment,

predicated on the notion that only a subset of threats are detectable by various sensors that rely on signatures,

and that the rest must be inferred through non-alert based approaches such as behavioural analytics, machine

learning and artificial intelligence. Threat-focused solutions combine rapid algorithmic analysis of extremely

large data sets with human intuition to verify machine identified threats through detailed investigation, and take

containment or disruption actions as required.

SECURITY SERVICES DRIVE MATURITY

Mature firms are more aggressive in their use of outsourced security services to deliver best available security

approaches and augment in-house capabilities. Over 50 percent of organizations self-identified as predictive

are moving to cloud-based or hosted security offerings over the next three years. Moreover, outsourced

security adoption is strongest for proactive hunting and predictive response services such as managed

detection and response.

These firms are also more apt to adopt emerging security technologies such as endpoint, threat detection and

response, identity access management, and cloud security. Moreover, more mature firms aggressively leverage

SaaS and are 35 percent more likely to adopt 100 percent cloud based security services than firms using a

device-centric model. Outsourcing is a palatable alternative to recruiting and retaining threat hunting talent from

a pool that cannot support the growing demand.


11

KEY FINDINGS

• Only 30 percent of respondents are confident that their business will not suffer a major security event in the coming five years.

• Over 50 percent of organizations are struggling to show value to senior management and meet internal and regulatory requirements.

• Firms using proactive and predictive approaches reduced their risk profile by 30 percent.

Almost half of the respondents (48 percent) assume a major event will occur in the next two years and only 30

percent are confident that their business will not suffer a major security event in the coming five years. Yet spend

and corporate line of sight to security predict a growth trend over the next few years. In short, spending alone

cannot eliminate external and internal risks to the business.

MALWARE AND MANAGEMENT COMPLEXITY ARE TOP RISKS

Unknown malware attacks are the top risk to

the organization (55 percent), followed by

non malware-based attacks, managing

malware-born attacks (52 percent) and insider

risks, either malicious or non-malicious

(49 percent).

The majority of organizations are struggling

to show the value of IT security spend to senior

management (55 percent), including status

reporting difficulties (53 percent). Over 50

percent struggle to manage third-party vendors.

The complexity of aligning to risk management

(52 percent) and the growing complexity of

regulatory compliance (47 percent) round out

top risk concerns.)

LESS MATURE FIRMS ARE MORE SUSCEPTIBLE TO RISK

Firms that rely on prevention device-centric approaches report they are more susceptible to cyber risks.

Unknown and known malware attacks caused operational disruption in over 60 percent of firms, and financial

losses in over 55 percent of firms. Firms using proactive and predictive approaches reduced their risk profile

by 30 percent. Interestingly, more mature firms have less issue with risk when it comes to external attacks and

internal management complexity. For example, firms deploying threat hunting and predictive technologies reduce

the risks associated with malware and non-malware attacks by 26 percent. Moreover, they report 50 percent less

risk associated with security status reporting, demonstrating value to senior management (38 percent), a halving

of risks associated with third-party vendors, and 37 percent reduction in risk associated with aligning to risk

management efforts and remaining compliant with regulators. (See graph on the following page.)


RISK REVIEW

Top challenges managing cyber complexity

Non Malware-based Risks

Insider Risks

Managing IT Security Spend

Unknown Malware Risks

Reporting Program Status

40% 45% 50% 55% 60%

Managing Third-party Vendors

Aligning to Risk Management Programs

Managing Regulatory Compliance

12

The only common risk element both less mature (prevention technology only) and more mature firms (predictive)

share is their ability to bare the costs associated with a growing number of security devices.

MOST SUSCEPTIBLE TO RISK: LAW FIRMS, TRANSPORTATION AND IT

Law firms lead when it come to risks associated with external actors and attacks, and their ability to report status,

show value and meet internal risk standards and regulatory requirements. Transportation and IT firms report higher

than average levels of risk. Financial services tend to run just below industry averages across both external attacks

and internal or industry requirements.

EMERGING TECHNOLOGIES POSE THE LARGEST SECURITY RISK

The majority of organizations adopt emerging technologies, with cloud leading the charge (72 percent), followed by

mobile applications (53 percent), big data analytics (52 percent), IoT/IIoT (49 percent) and artificial intelligence (44

percent). While cloud services top the adoption chart, the overall risk posed by cloud over the next three years drops

by nearly 20 percent, whereas, the risks posed by the adoption of artificial intelligence doubles over the next three

years, and IoT/IIoT risks also rises nearly 30 percent.


Risk reported across emerging technologies

Risk reported by maturity stage

Cloud

Unknown Malware Risks

Mobile Apps

Non Malware-based

Risks

Big Data

Insider Risks

Social Media

Managing IT Security

Spend

Today

Prevention

In 3 Years

Predictive

10%

5%

20%

10%

30%

15%

40%

20%

50%

25%

60%

IoT / IIoT

Reporting Program Status

Managing Regulatory Compliance

AI

Managing Third-party

Vendors

BYOD

Aligning to Risk Management

Programs

13

KEY FINDINGS

• Expect that traditional device-management MSSPs will attempt a shift to providing proactive hunting services.

• Cloud adoption will continue to pervade organizations and become the foundation of ERP services and a key enabler in digital transformation.

• Risk associated with artificial intelligence is set to outpace the risk associated with cloud in three years.

PIVOT TO PROACTIVE PRACTICES

With a wilting 45 percent customer loyalty rate and focus on less mature security offerings, traditional MSSPs

must shift toward the mature end of the evolutionary path to include proactive threat hunting and predictive

technologies such as machine learning. The adoption of device and alert management will drop by 24 percent

over the next two years, while proactive hunting and predictive services will grow by the same amount in this

period. This will create a crisis of faith for MSSPs welded to commodity alert management offerings. These

vendors will attempt to shift to full life cycle threat management, which will not align to their traditional a la carte

approaches.

CLOUD AS THE BASIS OF SECURITY SERVICES

The majority of firms have deployed and will continue to expand at least hybrid cloud security services, if not full,

cloud deployments. Today, only 15 percent of respondents manage a pure on-premises security stack, and this

level remains consistent for the coming three years. Aside from this laggard group, the strong majority will deploy

hybrid (49 percent) or pure cloud security stacks (36 percent).

CLOUD ADOPTION EXPANDING TO ERP

Along with mobile applications, big data analytics, IoT/IIoT, and artificial intelligence, cloud will continue to

dominate technology adoption over the coming few years. Unlike other technology, cloud has the greatest

propensity to expand beyond application-level services to offer a foundation for enterprise-wide systems.

Today, 52 percent of respondents have deployed cloud for software-as-service; whereas only 37 percent

have deployed cloud-based infrastructure-as-a-service or 34 percent have deployed platform-as-a-service.

Within twelve months, infrastructure-as-a-service and platform-as-a-service will rival software-as-a-service

cloud deployments at around 95 percent adoption, creating a panacea adoption with no corner of a modern

ecosystem not connected to the cloud.


FUTURE VIEW

ARTIFICIAL INTELLIGENCE IS TOMORROW’S SECURITY HEADACHE

While today cloud-based services top the risk list, artificial intelligence will rank number one in three years. This is

true across all industries, with the exception of manufacturing. This is likely the result of two factors. The first is the

continued adoption, familiarity and integration of cloud services, which brings a greater sense of trust and comfort,

and the assumption that cloud security will harden over time. The second is that artificial intelligence will grow in

applications across legal services for monotonous activities such as contract creation and interpretation, high-

performance trading in buy-side financial funds, flow management in transportation, and detection or diagnosis in

medical practices. It’s less understood how pervasive artificial intelligence will become and where it will take hold

within specific industries. As artificial intelligence is a nebulous offering today as an industry, we are less confident

in identifying the risks scenarios, let alone developing mitigation strategies and regulatory boundaries.

COMPLIANCE 3.0: CLIENT-DRIVEN REQUIREMENTS

Organizations are moving from a compliance 1.0 model based on meeting prescriptive regulations reporting toward

a more business operations 2.0 model, where preserving brand, protecting operations, and avoiding financial

losses are the drivers. In most cases, these forces outpaced customer requirements in most buying scenarios. In

the future, organizations will likely move to a compliance 3.0 mode, driven by a focus on the client. In this state,

brand and reputation will form the barometer by which a company’s security performance is ultimately measured.

Protecting the client will mean by extension, protecting their data and services, avoiding operational disruption and

resulting financial losses.


15

eSentire engaged an independent analytics firm (FastForward Strategix) to conduct an online survey of 1,250

security and information technology executives, in varying organizations and core industry segments in the U.S.,

Canada and the United Kingdom. Respondents provided independent responses to questions about budget,

reporting structure, board awareness, adoption of security technology, adoption of IT services, external risks,

and regulatory concerns.

We make no claims that the findings of this report are representative of all organizations at all times;

however results are fairly consistent across the sample set and we consider many of the findings appropriate

for generalizations.

KEY FINDINGS

• Respondents : 1,250 directors, vice president of information security or technology, CTO, CIO, CFO, CEO and board members.

• Countries : United States: 60 percent / Canada: 20 percent / United Kingdom: 20 percent

• Company size : <1,000: 34 percent / 1,000-5,000: 38 percent / >5,000: 28 percent.

• Key Industries : Financial Services 14 percent, Healthcare 14 percent, Legal Services 13 percent, Manufacturing 14 percent, Transportation 13 percent, Telecommunications 15 percent,

IT 15 percent.

• Influence : Decision Maker: 40 percent / Financial Approver: 13 percent / Buying Process Lead: 24 percent / Internal Stakeholder: 19 percent / P&L Owner: 4 percent.


METHODOLOGY

eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe

from constantly evolving cyberattacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC),

staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before

they become business-distrupting events. Protecting more than $6 trillion in corporate assets, eSentire absorbs the

complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory

requirements. For more information, visit www.eSentire.com and follow @eSentire.

Documents

Cybersecurity FutureWatch 2018...introduces significant business risk. These emerging technologies, such as cloud, IoT and artificial intelligence, constantly evolve, and place a double