Increased Data Recovery and Ransom Payments Are Stimulating the Ransomware Industry, Finds ‘2020 Cyberthreat Defense Report’

Record-setting Cyberattacks and Rising Shortage of Skilled IT Security Personnel Prompt 85% of IT Professionals to Favor Security Products Featuring Machine Learning and AI

ANNAPOLIS, Md.–(BUSINESS WIRE)–CyberEdge Group, a leading research and marketing firm serving the security industry’s top vendors, today announced the availability of its seventh annual Cyberthreat Defense Report (CDR). The award-winning CDR has rapidly become the de facto standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.

Ransomware attacks break a record

New this year, the report uncovered two trends that are stimulating record-setting ransomware attacks:

  • More ransom payers are successfully recovering their data. In 2018, only 49 percent of ransom payers successfully recovered their data. That number rose to 61 percent in 2019. Today, 67 percent of ransom payers have recovered their data.
  • More payments are incentivizing the ransomware industry. In 2018, only 39 percent of ransomware victims actually paid the ransom. In 2019, that number rose to 45 percent. Today, an alarming 58 percent of victimized organizations have paid ransoms.

In 2018, CyberEdge was the first research firm to quantify data recovery rates for ransom payers. Following the company’s announcement that less than half of ransom payers successfully recovered their data that year, cybercriminals started to realize that withholding encrypted data after receiving ransom payments is bad for business.

Since then, data recovery rates for ransom payers have gone up. Unfortunately, the increased likelihood for data recovery is motivating more organizations to pay ransoms, which in turn is stimulating growth of the ransomware industry. Last year, 56 percent of organizations were compromised by ransomware. That number rose to 62 percent this year – a new record.

“This year, both good news and bad news are stimulating growth of the multi-billion-dollar ransomware industry,” says Steve Piper, founder and CEO of CyberEdge Group. “To combat ransomware and other threats, I advise IT security organizations to invest wisely in products that continuously discover and patch vulnerabilities, uncover advanced threats using machine learning and artificial intelligence, and continuously back up their data everywhere. I also recommend organizations invest more in their people, including training and certification for IT security personnel and ongoing security awareness training for all employees. Never underestimate the value of the human firewall.”

Severe staffing shortages plague IT security

A severe shortage of IT security talent is driving important changes in technology and practices. The CDR found 85 percent of organizations are experiencing a shortfall of skilled IT security personnel, and survey respondents cited “lack of skilled personnel” as their biggest obstacle to adequately defending against cyberthreats. This crisis is leading to strong preferences for technologies that can increase the productivity of existing IT security teams, such as security orchestration, automation and response (SOAR), advanced security analytics, and security products that feature ML and AI technologies.

Additional key findings

The 2020 CDR yielded dozens of insights into the challenges IT security professionals faced last year and the challenges they’ll likely continue to face for the rest of this year. Key findings include:

  • Successful cyberattacks at record levels. For the first time in CDR history, four out of five organizations (81 percent) experienced at least one successful cyberattack, up from 78 percent the prior year.
  • Hottest security technologies for 2020. Next-generation firewalls (NGFWs), containerization (e.g., browser isolation, micro-virtualization), application container security tools, threat intelligence platforms (TIPs) and services, and SOAR are among the most sought-after security technologies in 2020.
  • The new app security “must haves.” API gateways, database firewalls, and web application firewalls (WAFs) are this year’s most widely deployed application and data security technologies.
  • Decryption deficit. Surprisingly, only a third (35 percent) of SSL/TLS-encrypted web traffic is decrypted for inspection by network security devices, opening up the door to undetectable encrypted cyberthreats and associated data exfiltration.
  • Training and certification in demand. The vast majority of IT security professionals (87 percent) who haven’t received formal training would welcome it. Two-thirds (67 percent) of IT security professionals who haven’t yet achieved a security professional certification plan to get started in 2020.
  • Security’s weakest links. For the third straight year, application containers are rated as the IT component most difficult to secure, followed by operational technology (OT), Internet of things (IoT) devices, and mobile devices.
  • Putting trust in zero trust. Of those organizations who haven’t started assembling a zero-trust network architecture, 67 percent plan to get started in 2020.
  • Security’s slice of the IT budget pie. On average, IT security consumes 12.8 percent of the overall IT budget, up from 12.5 and 12.1 percent in the preceding two years.

“Consistent, informed research is invaluable to decision makers—and in my experience, research that is repeated year after year with the same focus and methodologies is the most valuable,” said Richard Stiennon, chief research analyst with IT-Harvest. “For seven years, the Cyberthreat Defense Report has provided an annual look at how IT security professionals perceive threats and take actions to counter them. I find it interesting that in this year’s report, almost 20 percent of respondents did not have a single breach in the last 12 months. That supports my contention that good cyber defense is possible. Of course, that means addressing the critical factors identified in the CDR, including finding and hiring qualified IT security staff. To this end, I will continue to refer to the latest CDR to form my perspective of the industry and where it is heading.”

About the CDR

In November 2019, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant was employed by a commercial or government entity with a minimum of 500 employees. Participants came from six geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa.

The CDR gauges perceptions about cyberthreats and ascertains future plans for improving security and reducing risk. It enables IT security professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region.

The 2020 CDR is supported by leading information security vendors:

  • Platinum sponsors: (ISC)2, Gigamon, Imperva, and Menlo Security
  • Gold sponsors: Carbonite, ColorTokens, Netskope, OpenText, PerimeterX, and Webroot
  • Silver sponsors: Anitian, CybelAngel, Cymulate, DivvyCloud, Expel, Sysdig, and ZeroFOX

Now available

The 2020 Cyberthreat Defense Report is available from all sponsors or by visiting the CyberEdge Group website at

About CyberEdge Group

CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland, with three dozen consultants based across North America, CyberEdge boasts more than 150 of the security industry’s top vendors as clients. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks in today’s complex cyberthreat landscape. For more information, visit

The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.



Wayne Schepens

Managing Director

LaunchTech Communications


CyberEdge Group:

Steve Piper


CyberEdge Group


error: Content is protected !!