Java-based security exploits declined in 2014, partly due to a lack of new zero-day exploits, according to Cisco security researchers. The automatic patching of newer versions of the Java Runtime Environment and steps by browser vendors to block vulnerable versions of the JRE also helped, according to the Cisco 2015 Annual Security Report.

"Java's reign as the top attack vector has been on a steady downward trend for more than a year," the report states.

"The use of Flash to launch exploits has been somewhat erratic, with the biggest spike occurring in January 2014. PDF use has been constant, as many malicious actors appear to remain focused on launching highly targeted campaigns through email using PDF attachments.

"Silverlight attacks, while still very low in number compared to more established vectors, are on the rise—especially since August."

A global survey of chief information security officers and security operations mangers, the results of which were included in the report, found a perception gap between the two functions when it came to assessing the maturity of security processes in their organisations.

"CISOs are notably more optimistic than their SecOps colleagues about the state of their security," the report states.