First-Ever Black Hat Survey Reveals Disturbing Spending Gap in Enterprise IT Security Resources

Only 27% of Security Workforce Feel Their Organization is Equipped to Defend Against Current Threats

Jul 15, 2015

SAN FRANCISCO, July 15, 2015 /PRNewswire/ -- Today, Black Hat, the world's leading family of information security events, releases its first-ever research report ahead of the annual conference this August. Based on a survey of nearly 500 top-level security experts who have attended the annual Black Hat USA conference, this research highlights the trends and pitfalls of the InfoSec world with responses from one of the most security-savvy audiences in the industry. The 2015 Black Hat Attendee Survey reveals a significant gap between security professionals' priorities and concerns and the actual expenditure of security resources in the average enterprise. For more information and to download the full report, 2015: Time to Rethink Enterprise IT Security, visit:

Black Hat releases 2015 Black Hat Attendee Survey ahead of the annual conference this August in Las Vegas, NV.

In 2015, enterprises will spend more than $71.1 billion on information security – more than they have ever spent before, according to Gartner Group figures. Yet, the incidence of major data breaches shows no signs of abating. As enterprises continue to struggle with online attacks and data leaks, many are asking one common question: What are we doing wrong?

The 2015 Black Hat Attendee Survey revealed that most enterprises are not spending their time, budget, and staffing resources on the problems that most security professionals consider to be the greatest threats.

A Troubling Disparity between Priorities and Actual Resources
The survey revealed a significant gap between the top concerns that keep security professionals awake at night and the tasks that keep them occupied during the day. For example:

  • Sophisticated Targeted Attacks: 57% of respondents indicated attacks targeted directly at their organization as their greatest concern. However, only 26% indicated that mitigating these attacks was among the top three security spending priorities in their organization. Further, only 20% said targeted attacks were among the top three tasks they spend the most time on day-to-day.
  • Social Engineering: At 46%, the second greatest concern was phishing, social network exploits or other forms of social engineering. Yet, only 22% indicated their organization spends a large portion of their security budget here. And only 31% indicated that they spend a large amount of their time on social engineering.

If not on their top concerns for the business, where are security professionals spending their time?

  • More than a third of Black Hat attendees said that their most time-consuming tasks are in addressing vulnerabilities introduced by internally developed software (35%) and vulnerabilities introduced by off-the-shelf software (33%). The data suggest that application flaws across the enterprise consume a great deal of time for the IT staff, yet are seldom considered the greatest threats.

Warning to the Industry: Serious Shortage of IT Security Resources and Staffing
Nearly three quarters (73%) of respondents think it is likely that their organizations will have to deal with a major data breach in the year ahead. A key reason for security professionals' concerns about future attacks is the shortage of resources that they feel in their own organizations:

  • Staffing Shortage: Only 27% of respondents said they feel their organization has enough staff to defend itself against current threats.
  • Measly Budgets: Only one-third (34%) said their organization has enough budget to defend itself against current threats.
  • In Need of Training: While 36% said they have the skills they need to do their jobs, some 55% said they could use some training.

The combination of these responses should serve as a warning to the industry that security defense strategies and resources need serious rethinking, and that the protectors of the enterprise are not confident in their ability to keep adversaries out of systems and data.

Download the Full Research Report
The survey results indicate a pressing and immediate need to rethink the current enterprise IT security model. Top concerns are changing – and the structure of resources, staffing and budget should follow suit. For actionable insights and a glimpse into the top concerns in the years to come, download a copy of 2015: Time to Rethink Enterprise IT Security by visiting:

Black Hat USA 2015: August 1-6 in Las Vegas
Just weeks after the survey results present these troubling industry trends, the InfoSec community will gather to discuss, collaborate and share solutions for many of these developments at the annual Black Hat USA show, returning to Las Vegas for its 18th year. The week will kick off with nearly 70 separate deeply technical Trainings, followed by more than 110 innovative research-based Briefings. Covering everything from vulnerabilities within critical infrastructure to exploits against the most popular operating systems, mobile devices and automakers, Black Hat USA 2015 will present one of the most comprehensive programs in the event's history. For more information and to save $400 on your Briefings Pass by July 24, please visit

About Black Hat
For more than 17 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia, and are produced by UBM Tech. More information is available at:

About UBM Tech
UBM Tech engages technology professionals live and online through its world-class brands, including Black Hat, InformationWeek, Enterprise Connect, Game Developers Conference (GDC), Dark Reading, HDI, GTEC, Network Computing and Interop. We're dedicated to fostering real engagement by creating environments where the technology industry can make connections, share insights, and network effectively. UBM Tech is the only media company that delivers large-scale industry events, leading online brands and content marketing services serving the Enterprise IT, Information Security, Game Development, Enterprise Communications and Technical Services and Support communities. UBM Tech is a part of UBM (UBM.L), a global provider of media and information services with a market capitalization of more than $2.5 billion. For more information, go to




For further information: Meredith Corley, Black Hat Public Relations,