CRAE Index Shows North America Focused on Reactive Cybersecurity Measures, Europe on Proactive

Published on
January 19, 2021

Third Quarter 2020 release of quarterly tracker also shows organizations remain confident in security measures; highlights phishing as a top concern

New York, NY, January 20, 2021 – Cybersecurity and IT pros in North America and Europe continued to increase spending and allocation of resources, time and effort to cybersecurity in the third quarter of 2020, according to the most recent Cybersecurity Resource Allocation and Efficacy (CRAE) Index.

Other key findings: Organizations’ satisfaction with their security efforts remained high but grew more slowly than in the prior quarter — indicating a possible shift in confidence. The third-quarter data also showed that phishing continued to be a top concern among cybersecurity professionals, who nonetheless are confident they are effectively managing against such attacks.

The CRAE index, developed and published by the CyberRisk Alliance Business Intelligence unit and underwritten by Pulse Secure (acquired by Ivanti), reports on the overall focus and direction of organizations’ cybersecurity activities, spending, and perceived progress over time. Data is derived from quarterly surveys among 300 business, IT, and cybersecurity professionals at organizations with at least 500 employees in manufacturing, high tech/business services, financial services, and healthcare industries in North America and Europe.

According to the latest report, North American companies focused more on reactive measures (recover and respond) while Europeans focused more on proactive measures (identify, protect and detect). The data suggests regulatory and cultural differences could be in play, as privacy laws in Europe are more stringent and focus more on prevention than remediation.

Phishing and other identity/credential theft continue to be top security concerns for all regions, with more than half of all respondents were reporting their organizations were victims of phishing attacks. Organizations seem confident in their management of the issue and attribute numerous failed phishing attempts to aggressive security policies and proactive strategies. For more detail about where organizations are spending the most money and the threats that most concern them, click here to view or download the full report.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the cybersecurity community. Our mission is to provide the knowledge and insight needed to navigate today’s complex security landscape, and to support and empower the industry’s leaders. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers and practitioners, and is delivered through events, research, media, and virtual learning. Our brands include SC Media, Security Weekly, InfoSec World, Cybersecurity Collaboration Forum, our research unit CRA Business Intelligence, and the peer-to-peer CISO membership network, Cybersecurity Collaborative. More information is available at

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.