Freely subscribe to our NEWSLETTER

The CYBER360 report surveyed 1,000 security leaders and IT security practitioners across the US and UK in sectors including government, defense, financial services, and healthcare. It highlights significant dissatisfaction with legacy, detection-based cybersecurity approaches amid increasing cyberattacks, with almost all (97%) regulated organizations reporting a cyber incident between October 2023 and 2024.

Survey respondents validated that the threat landscape is changing. On average, the surveyed organizations experienced 127 known cyberattacks each week, with the top three threats identified as compromised access credentials (26%), phishing attacks (26%) and exploited vulnerabilities (25%). At the same time, 62% of respondents agreed that AI and emerging malicious actor trends are increasing attack sophistication.

Over three-quarters (78%) of IT security directors believe security teams in regulated industries must shift their mindset from detecting threats to preventing them. When looking ahead, the research revealed the top plans and considerations:

• A third (33%) plan to implement Hardsec technology, which uses hardware logic and electronics to implement security functions, dramatically reducing the attack surface.
• Nearly a third (30%) of plan to implement Advanced Content Disarm and Reconstruction (CDR) solutions, which sanitize data and files before they enter networks.
• Over a quarter (27%) plan to implement User Activity Monitoring (UAM), a preventative approach to managing insider risks that distinguishes between genuine human mistakes and malicious intent.

“Increasingly sophisticated cyberattacks have unfortunately become the norm and traditional detection-based technologies are unable to keep up. New, preventative security strategies and solutions like Hardsec and CDR solutions are a necessity to match the sophistication of today’s—and tomorrow’s—threats,” said Sean Berg, CEO at Everfox.

Overcoming the barriers to change

Despite the clear desire to adopt preventative security solutions, perceived challenges continue to hold agencies and organizations back. 39% of regulated organizations cited their inability to keep up with the rapidly evolving threat landscape as the biggest barrier to adopting preventative approaches. Stretched budgets also play a role, with 36% of security professionals reporting it as a barrier. This pain point was particularly felt by government organizations, who named it their top obstacle.

Sector-specific difficulties in executing a preventative strategy are also apparent. Over a third (35%) of those working in defense organizations called out resistance to change and a preference for traditional reactive approaches as an obstacle, speaking to the importance of strong leadership in making the preventative mindset shift.