CISOs See Incidents Growing and Preparedness Waning

Written by

When it comes to cybersecurity and preparedness, a recent survey paints a grim picture: A full 66% of CISOs believe their organization will experience a data breach or cybersecurity exploit that will seriously diminish shareholder value in the future – even as security postures aren’t likely to improve.

A survey from Ponemon Institute and defense contractor Raytheon of 1,100 senior-level IT and IT security global practitioners found that 54% of CISOs believe that their cybersecurity posture will either stay the same (35% of respondents) or decline (19% of respondents) in the coming year. Just 46% believe their cybersecurity strategy will improve, down from 59% in 2015. Also, 60% expect their companies will have to spend more to achieve regulatory compliance and respond to lawsuits and litigation.

However, worries and concerns are escalating. On the internet of things (IoT) security front, with the use of IoT devices in organizations being inevitable, 82% of respondents predict unsecured IoT devices will cause a data breach in their organizations. To boot, 80% said such a breach could be catastrophic.

Further, 67% believe cyber-extortion, such as ransomware and data breaches, will increase in frequency and payout, and 60% predict nation-state attacks against government and commercial organizations will worsen and could potentially lead to a cyber-war.

The report postulated that the disconnect between impending threat and readiness is critical and will lead to 2018 being even more breach heavy than 2017.

“Our hope is that CISOs and senior leaders can use this report as a tool to start a deep dialogue about the critical need for cybersecurity within their organizations,” said Raytheon chairman and CEO Thomas Kennedy. “Every day the cyber-threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors. To reduce risks, leaders must urgently work with their IT teams to identify potential vulnerabilities, develop an action plan and make the investments needed to protect the value of their organization.”

The 2018 Study on Global Megatrends in Cybersecurity, however, also shows that despite growing threats, 64% of IT professionals believe cybersecurity is still not considered a strategic priority among senior leadership. Senior leadership are seen as seemingly disengaged in the oversight of their organization’s cybersecurity strategy, with 68% of CISO/IT executives surveyed saying their boards are not being briefed on measures taken to prevent or mitigate the consequences of a cyber-attack.

“Conversations around cybersecurity resiliency are happening among our nation’s top intelligence chiefs, yet business leaders still have not made cybersecurity a business priority,” said Larry Ponemon, chairman and founder of Ponemon Institute. “This important research reveals an urgent need for executives to appropriately address cyber-threats against their organizations.”

What’s hot on Infosecurity Magazine?