100% of the major US companies have an IT security program: Results of the CISO Survey 2017

The situation in the largest market for simulated Internet attacks and IT security awareness testing is absolutely clear: Social engineering for educational purposes has become a regular activity at US companies. Phishing simulations are part of their daily business!

The results of the LUCY CISO survey among IT security representatives of renowned US companies speak for themselves:

  • 100% of the CISOs / IT security officers interviewed stated that they maintain a program to raise awareness of Internet risks among employees in their company
  • 100% of respondents stated that they used training videos to maintain employee awareness
  • With the exception of one person, all respondents have requested that they conduct phishing tests (phishing simulations) in their company
  • More than 90% of respondents stated that their companies use automated threat analysis systems[1] (cyber risks)
  • Less than 10% of respondents stated that malware and ransomware simulations[2] are performed in their companies

Conclusion: In the USA, it has been recognized that not only the IT systems need to be protected, but also the employees have to be’ imumunized’ through ongoing training. This is the only way to ensure sustainable and improved protection against cybercriminality. Offers for such activities become widespread. The offering turns into a commodity as the market.

Survey: On the occasion of the Security Shark Tank held in Palo Alto on October 5,2017, LUCY Security conducted a survey among a group of 24 American CISOs. The survey focused on phishing testing, employee awareness and alerting in threat situations. The number of respondents is not sufficient for a statistically relevant study. Nevertheless, the CISO survey clearly shows the market situation in the USA who is the largest Security Awareness Testing and Training Market.



[1] This corresponds to the Threat Analyzer https://www.lucysecurity.com/tag/threat-analyzer/ und (neu) dem Threat-Mitigator

[2] This corresponds to Malware- und Ransomware-Simulation in LUCY (Malware Simulation Toolkit)  https://www.lucysecurity.com/en/create-run-malware-simulations-lucy-screencasts/


0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.