Magnet Forensics Survey Shows Enterprises Expect to Make Major Investments in Digital Forensics

Ransomware was identified as the most frequent threat and only 13 per cent of respondents were able to avoid paying a ransom after an attack.

Magnet Forensics today announced the release of the IDC eBook, 2022 State of Enterprise DFIR. Commissioned by Magnet Forensics, the survey revealed that more than half of the respondents are expecting to make major investments in digital forensics and incident response (DFIR) technology over the next two years to address growing cybersecurity threats.

“The results of the survey are clear: Digital forensics is going to play a central role in helping enterprises protect their most valuable digital assets over the next several years,” said Adam Belsher, chief executive officer at Magnet Forensics. “Today’s threat landscape calls for enterprises to be prepared to respond to their leaders being impersonated in business email compromise attacks, their intellectual property being encrypted and exfiltrated through ransomware and the persistent threat of insiders. These challenges are driving our innovation into solutions such as Magnet AXIOM Cyber and Magnet AUTOMATE Enterprise that give organizations the capabilities to investigate cybersecurity incidents and recover from them.”

The survey of 466 DFIR decision makers and practitioners found that major improvements are needed across the board in digital forensic strategies. The respondents are expecting significant investments to carry them out.

  • About 1 in 3 respondents said major improvements or a complete overhaul were needed in four of six functions of DFIR: analysis of digital evidence, remote acquisition of target endpoints, cleaning and organizing of information and documenting, summarizing and reporting.
  • More than 60 per cent of respondents expect major investments to be made in five of the six functions of DFIR. Only remote acquisition of target endpoints (58 per cent) fell below this bar.
  • Fewer than seven per cent of respondents expect no new investments to be made in each function of DFIR over the next two years.
  • Nearly half the respondents ranked cloud forensics as the area that requires the most significant additional resources in their organizations.

“The sophistication and persistence of threat actors are increasing every day and it’s leading enterprises to realize they’ll need to make a strong investment in digital forensics and incident response technology and talent to safeguard their assets,” said Ryan O’Leary, research manager, privacy and legal technology at IDC. “The survey shows digital forensics and incident response professionals are worried about the dangers posed by ransomware and malware over the next two years and that major investments will be needed to address their concerns.”


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

The additional investments would come at a time when the volumes of data and cybersecurity threats are overwhelming organizations’ existing digital forensics personnel. The survey found that organizations with 500 to 999 employees are operating with an average of just two digital forensics professionals, while those with more than 10,000 have an average of under 15. Nearly 50 per cent said they’re turning to third-parties for help due to the excessive volume of investigations they’re handling. These professionals, the survey found, responded to major cybersecurity events that placed their organizations’ most valuable assets at risk in the past year.

  • Nearly 1 in 4 respondents identified ransomware as the most frequent event they investigated in the past year.
  • Most ransomware attacks culminated in monetary damages. The most common ransom paid by the respondents (17 per cent) was between US$100,001 and US$500,000.
  • Ransoms above US$1 million may be rare, but five per cent of respondents paid them.
  • Only 13 per cent of respondents who handled ransomware attacks avoided paying a ransom.
  • The damages caused by ransomware attacks weighed on the respondents’ outlook for the next two years. Going forward, they are three times more concerned by ransomware and malware than they are by any other threat.

To learn more, sign up to attend the upcoming webinar, “Key Findings from Magnet Forensics’ Annual Survey of Enterprise DFIR Professionals,” on Apr. 6. The webinar will feature a panel of experts from Magnet Forensics and IDC and will begin at 11 a.m. in EST, PST, AEDT and CET time zones.

Source: IDC eBook, sponsored by Magnet Forensics, 2022 State of Enterprise DFIR, doc #CA48870522BRO, 2022.

Survey methodology

IDC conducted a web survey, commissioned by Magnet Forensics, of 466 digital forensics and incident response decision makers and practitioners between Sept. 15 and Oct. 15, 2021. The respondents all work at organizations with 500 or more employees, across a variety of industries, and are stationed in the U.S., Canada, the U.K., Germany and France. The results have a margin of error of +/- 4.35 per cent at a confidence interval of 95 per cent.

About Magnet Forensics

Founded in 2010, Magnet Forensics is a developer of digital investigation software that acquires, analyzes, reports on, and manages evidence from digital sources, including computers, mobile devices, IoT devices and cloud services. Magnet Forensics’ software is used by more than 4,000 public and private sector customers in over 90 countries and helps investigators fight crime, protect assets and guard national security.

Leave a Comment

Latest Videos

Digital Forensics News Round Up, March 27 2024 #dfir #digitalforensics

Forensic Focus 27th March 2024 6:06 pm

Digital Forensics News Round-Up, March 21 2024 #digitalforensics #dfir

Forensic Focus 21st March 2024 6:15 pm

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.

Latest Articles