IT professionals face a myriad of challenges as they try to navigate the often murky security and compliance landscape. We explored some of their experiences in the “Kaseya Cybersecurity Survey Report 2024,” uncovering critical insights into the pressures shaping today’s IT strategies. From grappling with rising cyberthreats to meeting complex regulatory requirements, IT teams are tasked with striking a balance between proactive risk management and operational efficiency. Gaining insight into the roadblocks and hazards they might encounter, along with the strategic moves they are making, may help shed new light on managing security and compliance in an increasingly unpredictable environment.
NIST is the leading framework
Organizations are using a mix of global and regional frameworks to address different operational, regulatory and security needs. The most popular cybersecurity framework among our survey respondents is NIST (40%), followed by Zero Trust (36%) and ISO 27001 (27%). Note that these are not all the same kind of artifact: NIST publishes several (the Cybersecurity Framework, SP 800-53 and the Risk Management Framework among them) and the survey did not ask which one, Zero Trust is an architectural model rather than a certifiable standard, and MITRE ATT&CK is a knowledge base of adversary techniques used mainly for detection engineering and threat-informed defense. Taken together, the popularity of NIST, Zero Trust and ISO 27001 indicates a focus on proactive security measures, risk management and compliance with international standards.
Which of the following cybersecurity frameworks do you currently utilize?
Framework | % of Responses |
---|---|
NIST | 40% |
Zero Trust | 36% |
ISO 27001 | 27% |
MITRE ATT&CK | 20% |
CIS | 20% |
CMMC | 14% |
COBIT | 13% |
ASD Essential 8 | 8% |
NCSC CAF | 8% |
Vulnerability assessment frequency on the rise
The frequency of vulnerability assessments has risen significantly, with 24% of organizations conducting them more than four times annually in 2024, compared to 15% in 2023. In contrast, twice-yearly assessments have declined from 29% to 18%, while annual assessments moved only slightly, from 20% to 18%. The share that never assesses or does not know also edged up, from 4% to 7%. Overall, the trend underscores an increasing focus on frequent and proactive security evaluations, driven by tightening regulations and an evolving cybersecurity landscape.
Approximately how frequently does your organization conduct IT security vulnerability assessments?
Frequency | 2024 | 2023 |
---|---|---|
More than 4 times per year | 24% | 15% |
3 to 4 times per year | 22% | 23% |
2 times per year | 18% | 29% |
1 time per year | 18% | 20% |
Less frequently than once per year | 11% | 10% |
Never/I don’t know | 7% | 4% |
Fear of phishing and ransomware attacks has declined
IT professionals appear confident in the defenses they have implemented. Respondents view phishing and ransomware as moderate risks: the single most common answer is “somewhat likely,” chosen by 43% for phishing and 36% for ransomware. Only 25% rate a successful phishing attack as “very” or “extremely” likely, and only 15% say the same of ransomware. This indicates both awareness of these threats and trust in current security measures, contributing to a reduced perception of successful attack likelihood. That said, 68% of respondents still consider a successful phishing attack at least somewhat likely in the next 12 months, and 51% say the same of ransomware, so despite this confidence, maintaining vigilance remains essential.
What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months?
Likelihood of falling victim to a phishing attack | Response |
---|---|
Extremely likely | 8% |
Very likely | 17% |
Somewhat likely | 43% |
Not very likely | 27% |
Not at all likely | 5% |
What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?
Likelihood of falling victim to a ransomware attack | Response |
---|---|
Extremely likely | 3% |
Very likely | 12% |
Somewhat likely | 36% |
Not very likely | 41% |
Not at all likely | 9% |
Concern about human error is mounting
Our data reveals a notable rise in concern over human error, which more than doubled from 16% in 2023 to 36% this year, reflecting heightened awareness of social engineering and distraction as significant threat vectors. At the same time, concerns about endpoint threats, including servers and laptops, have sharply declined: server concerns dropped from 12% to 4%, and laptops from 11% to 6%. Concern about cloud rose from 10% to 13%, and concern about unpatched systems from 5% to 7%. Note that the survey’s “unpatched systems (zero day attacks)” category groups two distinct problems: systems missing patches that are already available, and vulnerabilities for which no patch yet exists. This data underscores a shift in focus toward addressing human error and cloud security, accompanied by a reduced emphasis on traditional vectors such as email and endpoint security.
Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?
Attack Vector | 2024 | 2023 |
---|---|---|
 | 22% | 25% |
Human error (social engineering, distraction) | 36% | 16% |
Endpoint (server) | 4% | 12% |
Endpoint (laptop) | 6% | 11% |
Cloud | 13% | 10% |
Network | 4% | 8% |
Insider threats | 4% | 6% |
Supply chain | 2% | 5% |
Unpatched systems (zero day attacks) | 7% | 5% |
Top security management challenges
Organizations are primarily concerned with human factors (error, culture, skills) and budget constraints, suggesting a strong need for affordable, human-centric solutions. The top four security challenges that IT professionals anticipate facing in 2025 are human error (19%), budget constraints (16%), IT and security skills (14%) and building a security culture (13%). Technical risks rank far lower, with zero-day attacks (3%) and supply chain risk (2%) at the bottom of the list, and 11% of respondents could not name a top challenge at all. The relatively low concern for technical risks might suggest misplaced confidence, emphasizing the importance of maintaining vigilance across all threat vectors.
What do you anticipate will be your top security management challenge in the next 12 months?
Concern | Response |
---|---|
Human error | 19% |
Budget | 16% |
IT and security skills | 14% |
Building a security culture | 13% |
Don’t know | 11% |
Governance (framework) | 9% |
Security awareness training | 6% |
Staffing | 4% |
Insider risk | 3% |
Zero day attacks | 3% |
Supply chain risk | 2% |
Future security and compliance success will require careful management
As IT professionals navigate the ever-evolving cybersecurity landscape, the challenges are as dynamic as the emerging technologies shaping the field. Yet, these challenges also present opportunities. Building a robust IT infrastructure isn’t just about countering today’s threats. It’s also about fostering resilience and agility to tackle future challenges. As we look ahead, innovation, strategic investments in advanced solutions and a focus on preparedness will be essential for securing a safer and more resilient digital future.
Simplify security and compliance management with the right tools
RapidFire Tools equips IT professionals with smart solutions that make it easier to manage security and bolster compliance.
Simplify compliance with Compliance Manager GRC, which automates processes, assigns tasks, and delivers real-time insights — turning compliance into a scalable, profitable service.
Gain full network visibility with Network Detective Pro, a cloud-based platform that uncovers and manages risks, saves time, and strengthens client retention through actionable insights and professional reports.
Protect against evolving threats with VulScan featuring comprehensive vulnerability scanning that enables the discovery, prioritization, and mitigation of internal and external risks.
Ready to take your risk and compliance management to the next level?
Learn more about how our automated risk and compliance management solutions can help streamline your compliance processes and elevate your service offerings.