Press Release November 13, 2018

New Research Shows Most Organizations Unable to Prevent Serious Damage from Persistent Cyberattacks

Ponemon Institute Report Urges Capabilities be Strengthened Across the Enterprise to Preempt, Detect and Respond to Post-Breach Attacks


NEW YORK, NY (November 13, 2018) –Illusive Networks, the leader in deception-based cybersecurity, and the Ponemon Institute released today a report exploring how effectively organizations are able to minimize damage caused by persistent attackers who operate silently within their networks.


Among the key findings:

  • Nearly two-thirds of respondents lack confidence in their organizations’ ability to prevent serious damage from this type of attack
  • As security budgets continue to increase, the portion allocated to threat detection will grow from 32% to 40%, while allocation for preventive security controls will decline significantly from 31% to 18%.


“Because preventive controls can’t keep all attackers out, cyber programs need to anticipate attackers —both insider threats and external actors—who achieve and maintain an internal presence. To reach sensitive data and critical systems, these attackers use valid credentials and connections that the business itself creates, making them very difficult to detect. These findings suggest that organizations of all sizes are at risk and must drive improvements in their abilities to preempt, detect and respond to these pernicious threats,” said Ofer Israeli, founder and CEO of Illusive Networks.


Respondents were asked to rate themselves on a scale of 1 to 10 on capabilities associated with their abilities to preempt, detect, and respond to resident attackers. High-level insights include:


  • Only 28 percent of respondents rate themselves at 7 or higher on their ability to discover improperly stored user credentials
  • Only about 40 percent of organizations rate themselves at 7 or higher in their abilities to detect this type of attack
  • Even fewer—about 25 percent—feel as confident in their ability to respond effectively once resident attackers are identified



Gap in Business Risk Alignment


Stopping resident attackers before serious damage occurs requires the ability to prioritize activity based on level of importance to the business. However, the study found many indicators of serious risk alignment gaps, including:


  • Business leaders do not clearly communicate business risk priorities
  • Security teams lack risk-informed visibility on how incidents can impact the enterprise
  • Security leaders are not included often enough in the planning of new technology and business initiatives
  • Security technologies in most organizations are not optimized to reduce top business risk


On the more operational level, an inability to prioritize incidents based on potential impact is cited as the second most significant obstacle to better incident response. Only 37 percent agree that when a particular system is compromised, they can tell what critical services may be impacted. Only one-third of respondents rate highly their knowledge of where critical data is stored. And, most companies lack clear criteria for when to escalate a security incident to business leaders.

“While other cybersecurity research has touched on aspects of this study, this is the first time we have taken an in-depth look at these risk alignment issues. The data suggests that the gap between business leadership and security functions has a direct operational impact,” said Dr. Larry Ponemon, Ponemon Institute’s Chairman and founder, “and we hope this report helps stimulate new dialog that helps organizations improve.”


Study Methodology

Sponsored by Illusive Networks, Ponemon Institute surveyed 627 IT and IT security practitioners in the United States. All participants in this research are involved in the evaluation, selection and/or implementation of IT security solutions and governance practices within their organizations. The “Managing the Risk of Post-Breach or ‘Resident’ Attacks” report is available for download at


About Illusive Networks


Illusive Networks is a pioneer of deception-based cybersecurity, empowering security teams to take informed action against high-impact cyberattacks by detecting and disrupting lateral movement toward critical business assets early in the attack life cycle. Agentless and driven by intelligent automation, Illusive technology enables organizations to significantly increase proactive defense while adding almost no operational overhead. Illusive’s Deceptions Everywhere® approach was conceived by cybersecurity experts with decades of combined experience in cyber warfare and cyber intelligence. With the ability to proactively intervene in the attack process, technology-dependent organizations can preempt significant operational disruption and business losses, and function with greater confidence in today’s complex, hyper-connected world.


For more information, visit us at, contact us at or follow on LinkedIn, @Illusivenw on Twitter and Facebook.


About Ponemon Institute


Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.


Media Contact for Illusive Networks:

Meredith Zaritheny, Prosek Partners

O: 646-503-6278



Media Contact for Ponemon Institute

Dr. Larry Ponemon

Phone: 231-938-9900