As little as one in five (22%) IT leaders believe their organization is 'very well prepared' to identify and respond to cyber attacks, according to new research by Harvey Nash and KPMG.
Further, three in ten (28%) have had to respond to a major IT security or cyber attack on behalf of their company within the last two years, whilst 12% now believe their business is exposed in multiple areas.
George Quigley, cybersecurity partner at KPMG, explained that the complexity of cybersecurity is affecting the level of confidence among IT leaders regarding how well prepared companies are to ensure all reasonable risks are covered.
“If you look at cyber, it is a multi-dimensional problem; it’s also unpredictable, intangible and constantly changing,” he told Infosecurity. “It’s a very complex area to try and get your head around. We’ve seen a lot of large and sophisticated organizations breached, so if you’re sitting in an organization that is not as large, not as sophisticated and doesn’t have the same sort of budgets and standing, then culturally you’re also going to have your confidence dented.
"Are companies going to be bold enough to say ‘We’re really confident we can solve this problem’ when they see all of these other players being breached?”
The report also revealed substantial concerns about a lack of skills among employees, with 65% of respondents saying skills shortages are preventing them from keeping up with the pace of change in technology.
“There’s undoubtedly a significant skills gap in cyber,” Quigley said. “There are challenges in terms of getting people with a cyber-mindset; what we're finding is security companies having to invest time and money in training people. Across the industry we’re probably paying more than you would otherwise do in a normal functioning market because you’ve got to pay to retain people.
“If I had one concern in this skills gap market and what we’re doing, it's that we are still not attracting enough women into the cybersecurity field. It’s incredibly male dominated and we still struggle to attract women into the industry and I do think we would benefit from getting more women into it and widening out that pool,” he added.
Lastly, in terms of the cloud, the research discovered over a third of respondents are looking to significantly invest in cloud services this year, but almost half report data loss and privacy risks as the biggest challenge when it comes to adopting cloud technology.
KPMG’s global CIO advisory service network leader Lisa Heneghan argued that one of the main issues surrounding the cloud is that many services are being implemented outside of IT, and as such without the level of control that you would normally expect to see within the IT organization.
“There’s almost an assumption that, because these organizations professionally provide the [cloud] services, that’s going to deal with everything; therefore important things like processes and governance are not considered early enough, and there’s almost been a blindsided view of it,” she told Infosecurity.