Security Controls
Cybersecurity statistics about security controls
Showing 1-17 of 17 results
Only 7% of organizations believe their controls would prevent a compromised agent from operating.
The majority of businesses and charities have implemented basic technical controls, such as updated malware protection (81% businesses and 63% charities), backing up data securely via a cloud service (74% businesses and 57% charities), password policies (74% businesses and 56% charities), network firewalls (74% businesses and 45% charities) and restricted admin rights (73% businesses and 65% charities).
Adoption of more advanced controls like two-factor authentication (47% businesses and 38% charities), a virtual private network for staff connecting remotely (36% businesses and 17% charities) and user monitoring (30% businesses and 31% charities) remain lower than other measures.
Only 21% of organizations enforce protections like cooldown periods.
32% of SMBs perform penetration testing.
63% of SMBs have antivirus or antimalware tools.
58% of SMBs have firewalls.
34% of SMBs have vulnerability scanning.
67% of SMBs have real-time threat monitoring or intrusion detection/prevention systems.
45% of organizations reported that their cyber insurance policy could be voided if required security controls were not in place.
54% of firms in the financial services industry still rely on spreadsheets or in-house systems to track security controls.
84% of CISOs expressed concern over whether their cyber defenses could withstand an attack from a sophisticated threat actor
One in five attacks in 2024 displayed some form of evasive technique designed to evade traditional network and endpoint-based security controls
None of the nearly 93,000 threats analysed in Red Canary's 2025 Threat Detection Report were prevented by customers' expansive security controls.
Critical security controls were found to be either non-compliant with internal security and risk policies or missing from devices 15 percent of the time in the analysed healthcare PCs.
12% of enterprises are waiting for security controls to be ready before deploying AI.
48% of enterprises report implementing specific security controls for AI deployments.