CISOs: Our Organizations are Wide-Open for Cyber-Terrorism

A majority of CISOs foresee cyber-terrorism and cybercrime posing significant risks to their organizations over the next three years.

The Global Megatrends in Cybersecurity 2015 survey from the Ponemon Institute found a disturbing lack of resources and a critical disconnect between CISOs and senior leadership. In and of themselves, these points are new issues, but against the growing threat landscape, the fact that they are preventing companies from adequately addressing cybersecurity threats will have real consequences.

A majority of respondents (78%) said their board of directors has not been briefed on their organization’s cybersecurity strategy in the last 12 months. In addition, 66% of respondents believe senior leaders in their organization do not perceive cybersecurity as a strategic priority, and another two-thirds (also 66%) of those surveyed indicated their organizations need more knowledgeable and experienced cybersecurity practitioners.

Further, less than half of respondents (47%) believe their organizations take appropriate steps to comply with the leading cybersecurity standards. And fewer than half of all respondents (47%) say their organizations have sufficient resources to meet cybersecurity requirements.

“You don’t have to wait until you’re attacked to take cybersecurity seriously,” said Jack Harrington, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services, which sponsored the survey. “From the board room to the President’s desk, rallying around the cybersecurity issue is critical to address the real threats we face as a global society.”

Also, surveyed CISOs believe that when it comes to cybersecurity, the three most important technologies in the future will involve big data analytics, forensics and next-gen firewalls. Yet the inability to meet threats in emerging areas persists. For instance, only one-third of those surveyed believe their organizations are prepared to deal with the cybersecurity risks associated with the Internet of Things (IoT) and the proliferation of IoT devices.

Among the findings were also some signs of optimism, as a majority of those surveyed believe cybersecurity awareness through training will improve over the next three years. Also, most security professionals expect their organization’s cyber-posture to improve during that same timeframe.

“High-profile cybersecurity breaches are closing the gap between CISOs and CEOs by forcing meaningful security discussions into corner offices and boardrooms,” said Larry Ponemon, chairman and founder of Ponemon Institute. “In the meantime, our study found there is still a large delta between resources and needs, as security leaders lack both funding and manpower to adequately protect assets and infrastructure.”

The report also examined anticipated cyber-trends across industries in the next three years. Nearly half (47%) of respondents believe zero-day threats will become one of the most prevalent cyber threats. More than one-third (35%) believe attacks on critical infrastructure will become one of the world’s five most prevalent threats.

Also, senior IT leaders see the use of virtual currencies as a low risk to their organizations today but becoming a very high risk to their organizations in the future.
