Security threats are keeping CISOs awake at night. We have this on good authority: around two thirds (65 percent) of C-level information security executives surveyed admitted to it as part of our brand new Small Gains, Big Wins Study, which looks at the cyber security attitudes of 250 CIOs/CISOs/CSOs in UK-based companies with 500+ employees.
Looking at the security threat landscape in 2018, it’s not hard to see why infosec executives are struggling to get a good night’s sleep. The range of security threats that organisations face is more sophisticated than ever, whilst the financial and reputational stakes have never been higher.
The stuff of security nightmares
Leaked financial information and a loss of customer/stakeholder trust are particular concerns for CISOs. Almost a quarter (23 percent) of respondents cited Finance as the most at-risk department in their organisation, due to the extremely sensitive nature of the data it harbours. And almost half (42 percent) are most worried about damaging relationships with customers and stakeholders in the event of a breach.
But a breach can cause trust issues inside organisations as well as externally. According to more than half (52 percent) of respondents, previous breaches have had a marked effect on overall morale and work engagement within companies. This equates to a lot of pressure on the CISO of any organisation to ensure its security strategy and solutions are both current and effective. Reassuringly, the majority believe this to be the case – 76 percent can say with absolute certainty their company-wide security solution is completely up-to-date.
Where the risks lie
While the aforementioned confidence is admirable, is it shortsighted? The shifting security landscape certainly seems to have tempered it amongst infosec executives somewhat. Ransomware attacks have been highlighted as the number one concern – 20 percent of CISOs believe they pose the biggest threat to their organisation. Given the widespread chaos caused by attacks such as WannaCry and GoldenEye/NotPetya in 2017, this is understandable – not least because ransomware is capable of delivering both financial and reputational damage that could be irreparable.
But it’s not just ransomware that is keeping CISOs up at night. In fact, the onus is firmly on senior colleagues to prioritise security and set a company-wide example. The C-suite has been highlighted by 40 percent of respondents as the group within the enterprise that is most infosec-averse, so an example needs to be set from the top down.
More broadly, the overwhelming consensus from the information security executives we surveyed is that increasing security awareness company-wide is key to reducing risk. Even some of the most sophisticated, zero-day malware attacks can be avoided if suspicious activity is spotted and flagged by vigilant employees. And with this change being so easy to implement, there is no reason not to take advantage of a big security ‘win’.