Study Reveals 64% of Organizations Experienced Successful Endpoint Attack in 2018

Ponemon Institute 2018 State of Endpoint Security Risk report shows zero-day and fileless attacks cost organizations millions, with costs doubling for SMBs.

A new study released today by Ponemon Institute finds that organizations are being compromised at an alarming rate. Nearly two-thirds of companies have been compromised in the last 12 months by attacks that originated on their endpoints, a 20% increase from the previous 12-month period. The survey, sponsored by Barkly, the company advancing endpoint security by combining the strongest, smartest protection with the simplest management, found that the costs of a successful attack had also increased 42% year-over-year. In 2018, endpoint attacks that bypassed defenses cost organizations an average of $7,120,000, or $440 per endpoint. For SMBs this cost nearly doubled to $763 per endpoint.

The survey of 660 IT and security professionals identified zero-day and fileless attacks as the biggest threats to organizations. 76% of successful attacks leveraged unknown and polymorphic malware or zero-day attacks, making such attacks four times more likely to result in a compromise than traditional attack techniques.

“This increase in successful attacks has exposed a gap in protection that existing solutions and processes are not addressing,” said Larry Ponemon, Chairman and Founder of Ponemon Institute. “Antivirus products missed more attacks than they stopped in 2018, and organizations believe their current antivirus is effective at blocking only 43% of attacks. There is a clear need for more effective solutions to block zero-day and fileless attacks.”

Challenged with a protection gap against modern threats, organizations have struggled to find the right solution(s) to close this gap. 70% of organizations have replaced or plan to replace antivirus in the next 12 months and cite high false positives, inadequate protection, and high management complexity as their top frustrations.  

Patching, while a critical part of a successful endpoint protection strategy, has a natural delay and leaves organizations vulnerable in the interim. Responses from this year’s survey highlight the struggles organizations have keeping endpoints patched in a timely manner. The average delay in applying patches to endpoints is 102 days. Four out of five respondents find it challenging to keep up with the frequency of patching, and 43% acknowledge they are taking more time to test and roll out patches. With zero-day attacks becoming more prevalent, any delay in patching results in accumulating risk.

With respondents believing fewer attacks can be realistically stopped, pressure is increasing to add an additional layer of protection with solutions such as endpoint detection and response (EDR) products. One of the main drivers cited for investing in EDR was to prevent spread of attack post-compromise, even though the majority of companies that purchased these solutions listed blocking attacks pre-compromise as their top challenge and priority. This disconnect between product and priority is resulting in poor EDR feature adoption. On average, organizations estimate only 46% of EDR features are ever used. SMBs also face considerable barriers to entry when it comes to EDR, including high costs and product complexity. 47% of companies that adopted EDR reported it took them more than three months to deploy.

“This study confirms the biggest gap organizations need to address is proactively blocking zero-day and fileless attacks, which are responsible for the majority of today’s endpoint compromises,” said Mike Duffy, CEO of Barkly. “Barkly offers unparalleled protection against these attacks combined with the simplest management experience.”   

Download the complete 2018 State of Endpoint Security Risk report here or register for a webinar on October 25th at 1pm ET to hear the full survey findings and implications for your organization.

About Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.

About Barkly

Barkly is advancing endpoint security by combining the strongest protection and smartest technology with the simplest management. The Barkly Endpoint Protection Platform™ blocks attacks across all vectors and intents, including exploits, scripts, executables, and ransomware. Barkly is the only protection with visibility into all levels of the system, including the CPU, and stays up to date through its continuous machine-learning engine that automatically converts threat intelligence into powerful protection through nightly training on malware and customer-specific goodware. Barkly requires no security expertise to set up and deploy and makes management simple through any desktop or mobile device. Barkly is independently certified for antivirus replacement, HIPAA, PCI DSS & NIST by Coalfire and AV-TEST. Barkly is formed by an elite team of security and SaaS experts from IBM, Cisco and Intel, and is backed by investors NEA and Sigma Prime. Learn more by visiting us at or follow us on Twitter @BarklyProtects.


Maya Pattison, Director of PR
617.488.9400