REPORT

Cybersecurity Survey 2016

Executive Summary
Each year, Fortinet conducts extensive international research
into the cybersecurity outlook of enterprise organizations.
In the 2016 edition of its IT decision maker (ITDM) survey,
Fortinet has discovered a clear consensus toward
improvement measures, such as faster incident response and
the development of rapidly actionable threat intelligence.

concern of respondents is vulnerability in IT systems, where

62 percent of respondents scored this 4/5 or 5/5 as a
security concern. Meanwhile, 60 percent scored cloud 4/5
or 5/5 as a security concern.
The Best Form of Defense is Attack: 57 percent of
respondents claimed the best response to their increased
data breaches was to invest in new cyber security
technologies.

The survey highlights the shared concerns of ITDMs

spread across EMEA, APAC and Latin America, from the
vulnerabilities of their IT systems to the security challenges of
the cloud. Its findings reveal a challenging threat landscape
where the possibility of data breach is increasingly a reality.

Breaches Spur MSSP Outsourcing Trend: The

research found that within three to five years, 41 percent
of organizations could be addressing their cyber security
priorities through outsourcing.

Above all, the findings underline the importance of enhanced

technological capabilities to combat growing threat levels
in an increasingly digital world. They advocate the need for
an open, adaptive security fabric that delivers end-to-end
protection and enables shared intelligence across the entire
attack surface.

Incident Response Isnt Fast Enough: Of the half

(55 percent) of all IT decision makers in the survey who
reported a security breach in the last year, only 21 percent
realised this within minutes of the breach occurring. In
some sectors, such as healthcare, it took 50 percent of
respondents days, months or even years to spot breaches.

Scope
The 2016 Fortinet Global Security Survey was a research
exercise undertaken on behalf of Fortinet by independent
market research company Lightspeed*. The survey involved
1,399 qualified IT decision makers predominantly CIOs,
CTOs, IT Directors and Heads of IT from EMEA, APAC and
LATAM based organizations larger than 250 employees.

Key Findings
Securing the Cloud and Protecting Against IT System
Vulnerabilities Are Key Concerns: The biggest security

Cloud Based Security and Better Threat Detection

Are in Demand: To mitigate the risk of security breaches
and protect their organizations from sensitive data loss,
compromised systems and brand reputation damage, the
survey found the number one action undertaken by ITDMs
is the use of threat detection technologies (15 percent),
closely followed by cloud-based cyber security services (13
percent).
Threat Intelligence is Valued and Respected:
Respondents cited improved prevention of attacks as the
greatest value of threat intelligence (49 percent), followed
by improved information security strategy (47 percent) and
improved detection of attacks (44 percent).

* See Note on Methodology on page 12 for more details

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

Cybersecurity Concerns & Priorities

Cloud security and IT system vulnerabilities are
top of the list
BYOD

IoT

Inside Threats

60%
50%

GLOBAL

APAC

LATAM

EMEA

GLOBAL

APAC

LATAM

EMEA

GLOBAL

APAC

LATAM

EMEA

GLOBAL

APAC

LATAM

EMEA

GLOBAL

APAC

40%

LATAM

In EMEA as a whole, respondents were equally as likely to

report an extreme level of concern for cloud as for vulnerability
of IT systems. In LATAM and APAC, the cloud scored
marginally lower for the highest level of concern than inside
threats, and around 10 percentage points lower than concern
for vulnerability in IT systems.

Vulnerability
in IT Systems

Cloud
70%

EMEA

Respondents biggest concern is vulnerability in IT systems

with 25 percent of respondents placing this concern at its
highest possible level. In total, 62 percent of respondents
scored this 4/5 or 5/5 as a security concern. At almost the
same level of concern is cloud, where 19 percent scored their
concern at the highest level and 60 percent scored it 4/5 or
5/5.

FIGURE 1: The Areas of Greatest Security Concern (scoring 4/5 or 5/5), by Region

GLOBAL

Avoid services/
app interuption

LATAM
APAC
EMEA

Avoiding loss of data dominates ITDM

priorities
When asked to rank their top priorities when guarding against
a cyber threat, the number one position was to avoid the loss
of sensitive corporate data and/or customer data, which was
reported twice as much as the second highest priority.

GLOBAL

Avoid damage to
corporate reputation

LATAM
APAC
EMEA
GLOBAL
LATAM

Avoid financial loss

APAC
EMEA
GLOBAL

Avoid loss of
sensitive data

LATAM
APAC
EMEA

0%

10%

20%

30%

40%

FIGURE 2: No.1 Priority When Guarding Against a Cyber Threat, by Region

Proactive Decision Making and the Value of

Threat Intelligence
Threat detection seen as the best proactive
approach to cybersecurity challenges
Deficiencies in rapid, effective threat identification and
response are proven to be highly costly to breached
organizations as sensitive data is lost, systems are
compromised and brand reputation is damaged.
The survey found that, to mitigate these attacks and
better protect their organizations, the top ranked proactive
action undertaken by ITDMs is the use of threat detection
technologies (18 percent), closely followed by cloud-based
cybersecurity services (12 percent). Such capabilities are
underpinned by the provision of actionable threat intelligence.
www.fortinet.com

EMEA

APAC

LATAM

GLOBAL

25%
20%
15%
10%

Use of threat detection technologies

Use of cloud based cybersecurity services
FIGURE 3: The Two Leading Proactive Actions to Protect Organizations, by Region

SURVEY REPORT: CYBERSECURITY SURVEY 2016

Prohibition of
non-corp devices

Incident response team

7%

7%

15%

Employee education

Internally segmented
network

11 %

9%

Big data analytics

Threat detection technologies

16

Establishing a Soc

The subset of CIOs within our

sample also ranked use of
threat detection technologies
first (16 percent), closely
followed by use of cloud
based cybersecurity services
(15 percent). By contrast,
actions such as prohibition of
non-corporate devices were
consistently ranked far lower (7
percent)..

10

Cloud based
cybersecurity services

Cyber threat intelligence

Managed security
services

FIGURE 4: CIO Ranking of Top Proactive Actions to Protect Their Organizations

Business value at the heart of cyber threat intelligence

Survey respondents were largely positive about the impact of threat intelligence, calling out a wide range of benefits to their
organizations. The most common perceived value of threat intelligence was improved prevention of attacks, shared by 49 percent
of respondents.
GLOBAL

LATAM

APAC

EMEA

Improved detection
of attacks
Improved prevention
of attacks
Improved risk
management
Improved threat analytics
Improved compliance
Improved information
security strategy

0%

20%

30%

40%

50%

FIGURE 5: What do you believe is the value of threat intelligence?, by Region

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

5%

When asked about the cyber

threat intelligence capabilities
used within their organizations,
39 percent of global respondents
said their own threat research/
incident response team monitored
all security activity. APAC-based
ITDMs reported the highest levels
of in-house teams (45 percent,
compared to 35 percent in
EMEA and 33 percent in LATAM).
Globally, 28 percent of ITDMs
claim to outsource cyber threat
intelligence to a third party. Again,
this was highest in APAC (31
percent).
Many respondents believe that
the threat intelligence capabilities
embedded within their existing
security infrastructure fulfil their
security needs. Others rely upon
cloud-based services/SaaS
vendors to correlate security
activity.

20% 25%

30% 35% 40% 45%

EMEA
APAC
LATAM
GLOBAL

Own threat
research/incident team

EMEA
APAC
LATAM
GLOBAL

Our SIEM has intelligence built-in

EMEA
APAC
LATAM
GLOBAL

Our firewalls have

intelligence built-in

EMEA
APAC
LATAM
GLOBAL

Use seperate intrusion

monitoring device

EMEA
APAC
LATAM
GLOBAL

Cloud based
service/SaaS vendor

EMEA
APAC
LATAM
GLOBAL

Outsource threat intelligence

EMEA
APAC
LATAM
GLOBAL

No incident investigation
and management

FIGURE 6: Forms of Cyber Threat Intelligence Used in Organizations, by Region

Cybersecurity Outsourcing Trend

LATAM

PartOutsourced

APAC

LATAM

0%

APAC

10%

EMEA

20%

LATAM

100%
Outsourced
Cybersecurity
Consumption
Model

EMEA

60%

APAC

Over two-thirds of survey respondents presently operate a 100

percent in-house cybersecurity infrastructure. Of the remainder,
the majority (two-thirds) favor a total outsourcing model
while the other third part-outsource. Respondents in APAC
appeared most predisposed to partial outsourcing, with around
17 percent of respondents from India, China and Singapore
execute this approach.

EMEA

A mix of cybersecurity consumption models in

evidence

100%
In-House

FIGURE 7: Current Cybersecurity Consumption Models, by Region

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

ITDMs in Germany are most likely of all respondents globally to keep total in-house control of their cybersecurity functions (83
percent), while Italian ITDMs are the least likely (51 percent).
The smallest enterprise-scale organizations (i.e. those sized 999 employees or lower) are the most likely to outsource cybersecurity.
The vertical industry with the greatest current cybersecurity outsourcing rate is the public sector.

Italy

Germany

250-499
Empl

500-999
Empl

1000-1999
Empl

2000+
Empl

Public
Sector

Financial
Services

Retail

80%
70%
60%
50%
40%
30%
20%
10%
0%

100% in-house

100% Outsourced

Part-Outsourced

FIGURE 8: Current Cybersecurity Consumption Models - assorted market segments

Full in-house cybersecurity trending towards decline

The predominant future trend for cybersecurity consumption appears to be toward full outsourcing over the next three to five years.
This trend is observed in all countries except for Thailand, where more organizations here expect to abandon outsourcing in favor of
100 percent in-house control.
Brazil
Mexico
Thailand
China
India
Maylasia
Singapore
HongKong
Italy
Germany
Spain
France
UK
IN 3-5 YEARS

NOW

40%

50%

60%

70%

80%

FIGURE 9: Prevalance of 100% In-House Approach to Cybersecurity Now, and in 3-5 Years

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

Major industries such as finance and retail will overtake public sector in their appetite to shift from a 100 percent in-house model to
either full or partial cybersecurity outsourcing.

IT & Telecom
Manufacturing
Healthcare
Education
Public Sector
Retail
Financial Services
IN 3-5 YEARS

50%

NOW

60%

70%

FIGURE 10: Prevalance of 100% In-House Approach to Cybersecurity Now, and in 3-5 Years, by Industry

Breaches Need Faster Incident Response

Delays in identifying threats risk greater damage overall
Fifty-five percent of our sample reported a security breach in the last 12 months. Of those who were compromised, 69 percent
said they spotted this within minutes or hours (22 percent in minutes; 47 percent in hours), 27 percent said it took days or weeks,
while the remaining 4 percent admitted it took months or even years.

50%
40%

EMEA

30%

APAC
LATAM

20%

GLOBAL

10%
0%

Minutes

Hours

Days or Weeks

Months or Year

FIGURE 11: Speed of Response to Breaches, by Region

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

LATAM respondents claimed the fastest response with around 35 percent of breaches caught within minutes and a further 40
percent+ located within hours. China and Hong Kong respondents reported similar response speeds. The slowest were Spain,
Malaysia and India.
Companies with over 1,000 employees performed better than their smaller counterparts. Likewise, private sector industries
did better than those in the public sector. The worst performing sector was healthcare target of various, recent high-profile
ransomware exploits where around 50 percent of respondents took days or longer to spot breaches, and more than 10 percent
took months or years.

50%

Financial Services

40%

Retail
Public Sector

30%

Education

20%

Healthcare
Manufacturing

10%

IT & Telecom

0%

Minutes

Hours

Months or Year

Days or Weeks

FIGURE 12: SPEED OF RESPONSE TO BREACHES, BY VERTICAL

ITDMs taking action to prevent further attacks

When asked what actions they took to prevent another attack, the largest reaction was to invest in new technologies (57 percent
agreed). This approach was supported by 60 percent CIOs, who largely placed it as their top choice.
Around all 27 percent of respondents said they took out insurance as a consequence of their breach and this was higher in EMEA
than in other global regions. Meanwhile, 29 percent used it as a catalyst for further cybersecurity outsourcing, and this was greatest
in APAC. There was a wide variance in desire to hire in new skills and invest in more security training, ranging from just 18 percent
in Italy to around 45 percent in China and Thailand.

Invest in
new tech
60
50
40
30
20
10
0

Nothing

Develop new
policy/procedure

Hire more
staff/training

Change security
vendor

Outsource
security

Buy insurance
EMEA

APAC

LATAM

GLOBAL

FIGURE 13: ACTIONS TAKEN FOLLOWING A SECURITY BREACH TO PREVENT RECURRENCE

www.fortinet.com

SURVEY REPORT: CYBERSECURITY SURVEY 2016

Conclusion
By probing the cybersecurity strategies of enterprises IT
decision-makers and examining the response tactics of those
affected by cyber-attacks, this survey has been able to bring to
light how present IT security infrastructures have struggled to
contend with the realities of an increasingly digital world.

Whether enterprises maintain in-house control, or evolve to

a part or full outsourced model with their chosen managed
security service provider (MSSP), the path to a more efficient
cyber defense will be guaranteed by actionable threat
intelligence that permeates across the borderless network.

Ripping out and replacing old infrastructure, dedicating

significantly greater resources and internal focus are not
necessarily the cure. Rather, a smarter approach is possible
where IT leaders can implement an open, adaptive security
fabric and stretch it across their organization, its users and data
to enable true end-to-end protection. Their digital futures dont
have to be laden with sluggish incident response times and the
constant fear of contending with the latest threats.

Note on Methodology
The 2016 Fortinet Global Security Survey was a research exercise undertaken on behalf of Fortinet by independent market research company
Lightspeed. The survey involved 1,399 qualified IT decision makers predominantly CIOs, CTOs, IT Directors and Heads of IT from EMEA, APAC and
LATAM based organizations larger than 250 employees.
Thirteen countries participated in the survey: Brazil, China, France, Germany, Hong Kong, India, Italy, Singapore, Malaysia, Mexico, Spain, Thailand and
the UK. Respondents were recorded from across industry sectors, with at least 100+ from each country.
Respondents were sourced from Lightspeeds online panel; recruited, managed and validated with stringent checkpoints throughout the respondent
lifecycle to ensure valid, high-quality responses. Screening included job title, role within business, earnings, responsibilities and purchase decisionmaking of respondents, and the industry sector and number of employees of the organizations they work for.
About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its
customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements
of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address
the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances
shipped worldwide and more than 290,000 customers worldwide trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the
Fortinet Blog, or FortiGuard Labs.

GLOBAL HEADQUARTERS
Fortinet Inc.
899 Kifer Road
Sunnyvale, CA 94086
United States
Tel: +1.408.235.7700
www.fortinet.com/sales

EMEA SALES OFFICE

905 rue Albert Einstein
Valbonne
06560, Alpes-Maritimes,
France
Tel +33 4 8987 0500

APAC SALES OFFICE

300 Beach Road 20-01
The Concourse
Singapore 199555
Tel: +65.6513.3730

LATIN AMERICA SALES OFFICE

Sawgrass Lakes Center
13450 W. Sunrise Blvd. Suite 430
Sunrise, FL 33323
Tel: +1-954-368-9990

Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common
law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance
and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether
express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same
ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable.
23 November, 2016