The 2023 Threat Mindset Survey: SonicWall Customers Sound Off
We asked thousands of SonicWall customers for their views on the threat environment, their business environment and more. Here’s what they said.
Cybersecurity is a dynamic, constantly changing field, and threats lurk around every corner for those lacking the knowledge or tools to protect themselves. To get a better idea of customer sentiment and firsthand experience on issues from finances to phishing, SonicWall conducts the Threat Mindset Survey each year. In late 2023, we sent ten questions to over 16,000 SonicWall customers worldwide, and the results reveal not only the hurdles they’re currently facing, but also the challenges they anticipate in the future.
This blog presents a few of the key findings from the 2023 SonicWall Threat Mindset Survey, as well as key takeaways.
A Majority Are More Concerned About Cyberattacks
We asked customers if their level of concern about cyberattacks has increased, decreased or remained the same when compared to previous years, and 55% of them are more concerned than ever before. Given that the data in our 2024 Cyber Threat Report showed that malware, cryptojacking, intrusion attempts and more have continued to increase, they’re right to be worried about a cyberattack on their organization.
Figure 1: A majority of SonicWall customers are more concerned about a cyberattack on their organization when compared to previous years.
Ransomware Still the Primary Concern
Data from our 2024 SonicWall Cyber Threat Report showed that in 2023, ransomware attacks increased in both sophistication and ruthlessness. And while attacks decreased year-over-year, 2023 still had the third-highest ransomware volume of any year on record. Given the continued prevalence of ransomware, it’s no surprise that customers continued to be most concerned about a ransomware attempt on their organization.
Phishing and encrypted malware attacks aren’t far behind ransomware, however, with 76% and 64% of respondents respectively listing them as top concerns.
Figure 2: Ransomware is the most concerning attack type among most of our customers.
Concern Over Insider Threats Increases
We asked our customers which type of threat they think they’re most likely to see at their organization — and while the top answer was still financially motivated attacks, the number of people concerned about insider threats jumped 15% compared to last year. The reasons for this increase are outside the purview of our survey; however, recent headline-grabbing insider threat incidents, including an Air National Guardsmen leaking sensitive data to a Minecraft Discord server, may have played some role.
Figure 3: Fear of an insider threat attack increased by 15% over the past year.
15% of Customers Rarely or Never Read Industry News
For many of us, consuming cybersecurity news is a key component of our job. If you aren’t up to date on the latest trends and attack patterns in your industry, how can you adequately tailor your defenses to combat them?
But despite 54% of our customers deeming it a requirement amid today’s constantly evolving threat landscape, 15% of our customers say they rarely or never consume industry news — up from 9% last year.
Figure 4: 15% of SonicWall customers rarely or never consume cybersecurity news.
Many Customers Still Need to Set a Patching Policy
Frighteningly, more than a quarter of SonicWall customers have no set policy for rolling out patches for critical vulnerabilities. With patching being one of the lowest cost and highest impact practices an organization can implement to stop cyberattacks, it’s important to have a set protocol for deploying patches in the case of widespread or highly exploited vulnerabilities. In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have listed poor patch management as one of the top ten cybersecurity misconfigurations they see in organizations.
Figure 5: 27% of SonicWall customers have no official patching policy.
Headcount Comfort Up 6% from Last Year
At the beginning of 2023, there were a reported 750,000+ cybersecurity job openings in the United States alone, which means there’s obviously still a great need for talent in the cybersecurity space. The good news is that among SonicWall customers, headcount comfortability is up from last year.
Figure 6: The percentage of our customers with adequate headcount increased from 51% to 57% over the past year.
Security Budgets On the Rise
Last year, only 56% of respondents viewed their IT/cybersecurity budget as adequate, compared with 33% of respondents saying the opposite. Fortunately, it appears budgets have increased for some: Our most recent survey showed that 62% now have adequate security budgets, with the percentage reporting the contrary decreased by 8%.
Figure 7: Budgets appear to be on the rise according to our 2023 Threat Mindset Survey.
Fewer Organizations Worried About Hiring, Vendor Vulnerabilities
Last year, 48% of respondents said staying current with vendor vulnerabilities was one of their biggest issues when it came to addressing growing cybersecurity demands. This year, that number shrank to 12%. Organizations also seem to be having less trouble hiring and training staff, with 26% rating that a top concern in our last survey and just 8% saying the same in the most recent survey. And while fewer respondents reported inadequate budgets, consistent with Figure 7, those who were plagued by budget issues ranked that concern higher this year than last year.
Figure 8: Keeping up with the changing security landscape remained the top issue for respondents.
In Their Own Words
We also asked customers two more open-ended questions. Here are some of the responses:
In your own words, how has the evolving cyber threat landscape impacted your organization’s ability to operate normally?
“It is becoming increasingly difficult to achieve an adequate level of protection. We have to invest more and more time and money to get proper protection.” – IT Specialist, Small Business Engineering Company
“The labor diverted from business initiatives to cybersecurity swells year over year. The threat landscape evolves too quickly, which demands I spend more of my time managing cybersecurity, which has an impact on business operations.” – Chief Information Officer, Management Company
“The evolving landscape is the new normal, so operating normally is more complex and full of security pitfalls than ever.” – IT Director, Educational Institution
In your own words, how has a proven cybersecurity product, solution or strategy positively impacted your organization’s ability to operate successfully?
“With SonicWall, we have peace of mind in securing our whole network against threats; it helps in focusing on real work.” – IT Professional, Small Business Professional Services Company
“We feel more secure about our posture and more confident in our ability to fend off attacks. Users are the weak link, and our strategy includes training for them.” IT Director, County Government
“SonicWall simplifies a lot of tasks, provides great visibility, and allows for fairly good analysis and investigation.” – IT Professional, Consulting Company
That’s a Wrap
SonicWall’s 2023 Threat Mindset Survey offers great insights into industry trends and the top concerns of our customers. While there are plenty of positive trends in this data, many businesses are more concerned about cyberattacks than ever before. If you’re among the organizations looking to level up your cybersecurity posture, from increasing protection via a patching strategy to maximizing simplicity through the use of MDR, we’d love to speak with you!
