A survey of 612 Chief Information Security Officers suggests CISOs have a tough road ahead in an ongoing climate of high-profile data breaches.
The survey, sponsored by Opus and conducted by Ponemon Institute, shows 67% of CISOs and Chief Information Officers (CIOs) believe their companies will likely fall victim to a cyberattack or data breach in 2018. And 60% are concerned that a partner or vendor will be to blame.
The most threatening factors named by CISOs, in this order, are:
- The human factor (70% cited "lack of competent in-house staff")
- Inadequate in-house expertise (cited by 65% of respondents)
- Careless employee falling for a phishing scam (65% chance)
- A malware attack, a data breach or a cyberattack (unspecified percentage)
- Inability to protect sensitive and confidential data from unauthorized access (59%)
- Inability to keep up with the sophistication of the attackers (56%)
- Failure to control third parties' use of sensitive data (51%)
- Disruptive technologies – i.e. Internet of Things (IoT) devices (60% of respondents considered these the most challenging to secure)
- Mobile (54%)
- Cloud (50%)
As readers may have already noticed, the first three bullet points actually represent the same factor: human error. Many other studies also point to the same key factors (in a similar order of importance) as responsible for most data breaches and cyberattacks.
And CISOs should know. Starting this year, their job depends on jumping over these hurdles. 45% of them fear job loss in the event of a data breach this year, and 69% anticipate their roles will be even more stressful.
The survey results don’t mention the EU General Data Protection Regulation, but the GDPR is likely a key reason behind these concerns. Starting May 25, when the new regulation goes into effect, the GDPR will compel data processing companies to protect the data they process, or else.
Money could be another reason. According to the same poll, fewer than half of CISOs believe their IT security budgets will increase – a finding that has cropped up constantly in such studies since 2016.
"It's not an easy time to be a CISO – there's a lot of pain obvious in these survey results,” said Dr. Larry Ponemon, Chairman of Ponemon Institute. “Data breaches and cyberattacks continue to plague organizations and the responsibility of protecting sensitive data stops with the CISO. It's critical that companies support CISOs and reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability."
It's not all bad news, though. Looking ahead, more than a third of respondents say they “see a path” to a stronger cybersecurity culture, and half say their boards are starting to get more involved in IT security.