This chapter presents quantitative survey results from 100 carefully selected respondents across private, governmental, and commercial sectors on cyber threat perception and security practices. The study reveals that 59% perceive insider threats as most critical, while only 28% employ a dedicated Chief Information Security Officer. Key findings include significant gaps between threat awareness (92% want more investment in security) and implementation (only 27% have intellectual property agreements), low smartphone security adoption (64% never lock screens), and barriers to adoption including lack of awareness (65%), budgetary constraints (64%), and skills gaps (58%). Results also indicate varied adoption of NIST Framework guidelines across organizational functions, with intrusion detection at 62% but computer forensics employed in only 25% of incident-response cases.
This survey was constructed across a cross-section of people, individuals, social media users, official operators (governmental and commercial), and sensitive data operators (financial and defense sectors) as well as third-party data managers for academic and business interests. Following the inductive, longitudinal methodology described in Chapter 3, quantitative analysis employs a structured questionnaire approach. Following Trochim (2006), a structured questionnaire was carefully prepared and presented to 100 respondents selected from a wide cross-section of users.
Several important considerations informed the survey design. Researchers may inadvertently influence responses through body language or question framing, requiring careful attention to neutrality. Additionally, respondents may withhold details about dubious encounters for various reasons (Saunders et al., 2012). To mitigate these concerns, the questionnaire was designed to elicit original experiences and honest opinions from users.
Respondents were carefully selected and informed of information confidentiality before participation. The research aim was explained prior to survey distribution, and requisite permissions were obtained. All participants received assurance that their responses would be used solely for designing a proposal addressing cyber threats and prevention strategies. The survey structure accommodated both formal organizational hierarchies and personal interactions, allowing threat understanding to expand from individual to commercial and social contexts. Given the extrapolation approach, the sample size of n=100 was selected to capture diverse threat types and solutions across different user segments.
The survey design specifically anticipated emerging technologies and untried approaches, recognizing that the web remains a relatively recent phenomenon with rapidly evolving threat landscapes. Participants were accessed via email, personal contact, and social connections to ensure diverse representation.
The survey revealed striking patterns in how organizations perceive and respond to cyber threats. The most surprising finding was that threat perception owing to privileged users reached 59%. Among the 93% of U.S. net users in organizations who identified internal threats as the dominant factor, 92% indicated a desire to invest more in security measures. However, significant gaps emerged between perception and practice.
Regarding specific threat vectors, 46% of respondents believed cloud environments were susceptible to data attacks, while 34% identified collaborators, franchisees, and business partners as data threats. Across all net users, 59% thought existing prevention mechanisms were very effective. However, awareness of threat origins varied: 53% attributed potential attacks to carelessness and inadequate attention to threats, while 64% agreed that malicious insider intent poses greater risk than outsider malicious intent.
When asked about effective countermeasures, respondents emphasized layered defense as the most promising approach, combining conventional practices with advanced techniques and tools. For data protection, the principle of "follow the data"—safeguarding information wherever it resides in cloud, server, or local network environments—emerged as critical. Unused and dormant data require protection through encryption methodology.
In collaborative contexts, 82% of organizations heavily invested in prevention techniques actively contacted other organizations to upgrade knowledge. From a business perspective, 69% believed cyber threats would negatively impact their operations. However, only 28% of respondents had employed a dedicated Chief Information Security Officer (CISO) or Chief Information Security Officer—a startling revelation given other survey findings.
When asked about adherence to risk-deterring policies, respondents reported the following affirmative responses: Vulnerability Management efforts and practices at 49%; technically segmented access control at 45%; deploying ethical "white hat" hackers at 44%; governmental security certification at 44%; and Internet connection monitoring (point-to-point security measures) at 43%.
Cyber incident rates varied significantly across sectors. In the banking industry, 38% of incidents involved financial fraud. Healthcare organizations reported 24% incidents related to data alteration and unauthorized access. Information Technology and Telecom sectors experienced 33% incidents involving inability to access email applications. In the insurance sector, 38% of respondents reported no incidents, while 29% reported financial losses.
Within governmental organizations, the most prevalent incidents involved unauthorized use of systems, data, and networks, along with tampering of data and operating systems, each occurring at 24% of reported cases. These patterns highlight sector-specific vulnerabilities and the need for tailored security approaches across industries.
The survey assessed organizational adoption of NIST Framework guidelines—Identify, Protect, Detect, Respond, and Recover—reflecting evolving policy requirements. When asked about threat appraisal and response planning, 49% of respondents reported having undertaken strategies to thwart cyber attempts, with insider threats identified as the most pervasive. However, only 23% confirmed their organizations had checks specifically for insider threats in place, indicating a significant implementation gap.
For the Identify guideline, 56% of respondents had processes in place to identify the security posture of third parties (contractors and partners), yet only 27% had implemented intellectual property agreements. The 28% who hired full-time information security officers represented a minority across the sample.
Under the Protect guideline, 59% of organizations implemented password management practices, and 58% deployed intrusion prevention systems. In the Detect function, 62% reported intrusion detection capabilities, but only 28% utilized Security Information and Event Management (SIEM) technology—a vital real-time software and hardware management framework. Employee security training was conducted in only 28% of organizations.
The Respond phase revealed that 54% of respondents had formalized procedures for reporting intrusions or threats. However, computer forensics—essential for post-incident investigation—was employed in only 25% of organizations that had experienced attacks. In the Recover phase, 53% had effective programs to evaluate the effectiveness of deployed prevention measures, but only 20% corresponded with third parties for independent evaluation of their prevention tools.
The survey extended to smartphone and tablet users, recognizing the growing reliance on mobile devices for personal, commercial, and official business. Data stored on these devices carries far-reaching implications, yet conventional security measures were perceived as insufficient. The increasing likelihood of device loss or theft warranted examination of personal security practices.
Mobile device security adoption remained alarmingly low. Among respondents, 64% never locked their smartphone screens, while only 23% used a standard four-digit code. A mere 13% employed longer passwords or pattern-based locks, and only 8% utilized encryption—the most secure measure available. Application protection showed similarly weak adoption: 15% used antivirus tools, 22% used phone locator applications, and only 8% of smartphone users enabled remote data erasure when devices were lost. Approximately 40% of respondents reported using no security measures whatsoever to protect mobile device data.
When asked about host security configuration monitoring on personal devices, responses included: Network Access Control (NAC) at 52%, Security Configuration Management (SCM) at 35%, third-party vulnerability checks at 34%, manual checking at 32%, and File Integrity Management (FIM) at 28%. Those accounting for no measure to detect vulnerabilities in dynamic data usage were not specifically tabulated.
"Obstacles and software vendor preference trends"
You’re 86% through this paper. Sign up to read the remaining 1 section.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.