The Rise of Digital Forensics


Magnet Forensics has announced the release of the IDC eBook, 2022 State of Enterprise DFIR. Commissioned by Magnet Forensics, the survey revealed that more than half of the respondents are expecting to make major investments in digital forensics and incident response (DFIR) technology over the next two years to address growing cybersecurity threats.

“The results of the survey are clear: Digital forensics is going to play a central role in helping enterprises protect their most valuable digital assets over the next several years,” said Adam Belsher, chief executive officer at Magnet Forensics. “Today’s threat landscape calls for enterprises to be prepared to respond to their leaders being impersonated in business email compromise attacks, their intellectual property being encrypted and exfiltrated through ransomware, and the persistent threat of insiders. These challenges are driving our innovation into solutions such as Magnet AXIOM Cyber and Magnet AUTOMATE Enterprise that give organizations the capabilities to investigate cybersecurity incidents and recover from them.”

  • About 1 in 3 respondents said major improvements or a complete overhaul were needed in four of six functions of DFIR: analysis of digital evidence, remote acquisition of target endpoints, cleaning and organizing of information and documenting, summarizing and reporting.
  • More than 60 percent of respondents expect major investments to be made in five of the six functions of DFIR. Only remote acquisition of target endpoints (58 percent) fell below this bar.
  • Fewer than seven percent of respondents expect no new investments to be made in each function of DFIR over the next two years.
  • Nearly half the respondents ranked cloud forensics as the area that requires the most significant additional resources in their organizations.

“The sophistication and persistence of threat actors are increasing every day and it’s leading enterprises to realize they’ll need to make a strong investment in digital forensics and incident response technology and talent to safeguard their assets,” said Ryan O’Leary, research manager, privacy and legal technology at IDC. “The survey shows digital forensics and incident response professionals are worried about the dangers posed by ransomware and malware over the next two years and that major investments will be needed to address their concerns.”

The additional investments would come at a time when the volumes of data and cybersecurity threats are overwhelming organizations’ existing digital forensics personnel. The survey found that organizations with 500 to 999 employees are operating with an average of just two digital forensics professionals, while those with more than 10,000 have an average of under 15. Nearly 50 percent said they’re turning to third parties for help due to the excessive volume of investigations they’re handling. These professionals, the survey found, responded to major cybersecurity events that placed their organizations’ most valuable assets at risk in the past year.

  • Nearly 1 in 4 respondents identified ransomware as the most frequent event they investigated in the past year.
  • Most ransomware attacks culminated in monetary damages. The most common ransom paid by the respondents (17 percent) was between US$100,001 and US$500,000.
  • Ransoms above US$1 million may be rare, but five percent of respondents paid them.
  • Only 13 percent of respondents who handled ransomware attacks avoided paying a ransom.
  • The damages caused by ransomware attacks weighed on the respondents’ outlook for the next two years. Going forward, they are three times more concerned by ransomware and malware than they are by any other threat.

Survey Methodology

IDC conducted a web survey, commissioned by Magnet Forensics, of 466 digital forensics and incident response decision-makers and practitioners between Sept. 15 and Oct. 15, 2021. The respondents all work at organizations with 500 or more employees, across a variety of industries, and are stationed in the U.S., Canada, the U.K., Germany, and France. The results have a margin of error of +/- 4.35 percent at a confidence interval of 95 percent.

You can read the full report here.