Welcome to the TEST Magazine Cybersecurity Survey 2019!

The aim of this anonymous survey is to gauge the state of our readership's cybersecurity experiences: software testing & development, preparedness, training, products and issues.

NB: If you fill in the email field you will be entered into a prize draw to win a pair of tickets for both days of The National Software Testing Conference, 21st-22nd May, worth £1470!!!

1. Full Name: (optional)

2. Company: (optional)

3. Email address: (optional)

4. Contact number: (optional)

BUSINESS INFO

5. How would you describe your own or your company / organisation's status?

6. In what sector is your company or organisation's main business activity?

7. How many staff does your company or organisation employ?

EXPERIENCES & OPINIONS

8. Has your company or organisation had any form of security breach in the last year?

9. Have you seen an increase in the number of attacks/incidents over the past 5 years?

10. Based on previous years' incidents, do you feel your company would be adequately equipped to handle a surge in cyber security threats this year?

11. To the best of your knowledge, how many incidents did your company or organisation have in the last year?

Answer options for each row: < 10, 10-25, 25-50, 50-75, 75-100, 100 <
Infection by viruses or malicious software
Customer impersonated fraudulently (e.g. identity theft)
Organisation impersonated via Internet (e.g. phishing attack)
Attack on Internet or telecommunications traffic
Denial of service attack
Actual penetration into the organisation’s network
Incidents caused by staff

12. What was the worst single incident suffered by your company or organisation?

13. What was the cause of the incident?

14. Have any company-issued smartphones or tablets been the victim of a cyber security breach/attack?

15. Has your company or organisation had a security or data breach relating to one of their cloud computing services?

16. Does your company or organisation have a formal cybersecurity risk assessment process? If so, how often is this updated or carried out?

17. How large is the cybersecurity team in your organisation?

18. To the best of your knowledge, approximately what percentage of the company budget is spent on cybersecurity?

19. In your opinion where is most of your company or organisation's cybersecurity time spent?

Answer options for each row: < 10%, 20%, 30%, 40%, 50%, 60%, 70%, 80%, 90%, 100%
Evaluation & tool selection
Updates
Implementation
Maintenance & compliance

20. Does your company have a formal process in place for reporting security breaches?

21. Do you feel your company or organisation is transparent enough to stakeholders, consumers and regulators regarding security threats?

22. In which area do you feel your company or organisation's vulnerabilities mostly lie?

STAFF ACCESS & TRAINING

23. Does your company provide employees access to any of the following?

24. If you have answered 'yes' to at least two of the above:

25. Is 2FA (2 factor authentication) a mandatory requirement in your organisation?

26. In your company or organisation who is mostly responsible for the deployment of cybersecurity measures?

27. Who is mostly responsible for the training of non-technical staff?

28. What training is provided in your organisation to improve cybersecurity?

TOOLS & TESTING

29. Which tools does your company or organisation use for security testing?

30. Why are these tools chosen in particular?

31. What methodologies do you use for security testing your products/services?

32. Does your company or organisation use third parties to conduct security assessments on your products/systems?

33. Who performs your security testing?

34. Do you have security teams that attack your products/systems prior to release? (Red Teams/Blue Teams)

35. Has your company or organisation ever hired ethical hackers to pentest your network and/or outer networks?

36. If so, did this deliver measurable improvements/benefits to your cybersecurity programme?

37. Has your company or organisation ever undertaken cybersecurity testing targeted at staff (sending emails, Java applets, etc.) rather than systems?

38. Do you have a dedicated team to assess and respond to security vulnerabilities reported in your products, services or business?

39. Does your company or organisation have an out-of-hours process to deal with incidents (i.e. Ops Cops, on-call rotas)?

40. Do you use automated tools for security testing or code review – if so, which ones?

41. What cloud security certifications do you or your organisation's teams hold?

42. Has your company or organisation incorporated any of the following into its cybersecurity program?

43. Has your company or organisation used blockchain security-based platforms as part of product development to strengthen security encryption?

44. If yes, which one(s)?

45. If no, are they planning on implementing blockchain security-based platforms in the future?

46. Does your company or organisation use any Identity Management tools (i.e. Okta, Auth0, ForgeRock Identity) as a barrier to entry for any tools or services?

47. If yes, which one(s)?

48. What percentage of your software development and testing team is focused on security?

49. How effective is your organisation's process for using intelligence from internal sources (such as configuration log activities) to predict malicious activities?

50. How effective is your organisation's process for using intelligence from external sources (such as vendor-supplied threat feeds) to predict malicious activities?

51. Does your company or organisation use open source / community based testing, such as GitHub?

DevOps / SDLC

52. At which stage do you usually review / begin to build-in security in the software development lifecycle?

53. Do you feel that regularly deploying and changing software in a DevOps environment affects your cybersecurity?

54. Do you feel that development, test and production environments are adequately separated in your organisation?

55. Are your security and engineering functions integrated, or are you planning to integrate them?

56. How does your company or organisation measure the success of its cybersecurity programme?

57. What are the metrics used by your company or organisation to measure this improvement in cybersecurity?

 
