Chief Information Security Officers (CISOs) are feeling less confident than ever about cyber-risk and data security this year. That is according to a new survey from Opus, a provider of compliance and risk management products, and data and privacy research body the Ponemon Institute. A majority, 67pc of respondents believe their companies are more likely to fall victim to a cyber-attack or data breach in 2018. And, 60pc are more concerned about a data breach from a third party, such as a partner or vendor.
Sponsored by Opus and conducted by Ponemon Institute in late 2017, the survey covered 612 CISOs, CIOs and other information security people across a range of industries. The top security threat on CISOs’ minds isn’t technology, hackers or even malware but the human factor, with 70pc of CISOs calling “lack of competent in-house staff” their number one concern and 65pc stating “inadequate in-house expertise” as the top reason they are likely to have a data breach. Respondents also believe it’s highly likely they’ll experience credential theft due to a careless employee falling for a phishing scam – a 65pc chance – even more likely than a malware attack, a data breach or a cyber-attack.
Other factors singled out as likely reasons for data breaches include the inability to protect sensitive and confidential data from unauthorized access (59pc); inability to keep up with the sophistication of the attackers (56pc); and failure to control third parties’ use of sensitive data (51pc). Disruptive technologies are also a concern, with IoT devices considered the most challenging to secure (60pc of respondents), followed by mobile (54pc) and cloud (50pc). Despite the risks, less than half believe their IT security budgets will go up. Most, 69pc of respondents anticipate their roles will be even more stressful in 2018 and 45pc fear job loss in the event of a data breach.
More than a third do see a path to a stronger cyber-security posture, and half say their boards are becoming more involved in IT security, providing more internal support. Top areas CISOs identified that could drive improvement included cyber-intelligence, staffing and leadership – underscoring once again the importance of humans to information security – as well as technology improvements.
Dov Goldman, VP, Innovation & Alliances of Opus, said, “Once again, we find that people – not just third parties – are the weak link in information security. Smart companies can’t prevent all data breaches, but implementing solid risk management programs supported by good governance, training, proven frameworks and robust technology will go a long way to reducing risk and alleviating CISO stress.”
Mr Goldman recommended best practices including evaluating the security and privacy practices of all vendors and third parties; creating an inventory of all third parties; and improving security posture using ongoing monitoring.
Comment
Dr. Larry Ponemon said: “It’s not an easy time to be a CISO – there’s a lot of pain obvious in these survey results. Data breaches and cyber-attacks continue to plague organizations and the responsibility of protecting sensitive data stops with the CISO. It’s critical that companies support CISOs and reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability.”
To download the survey results, visit www.opus.com/2018-ciso-survey-ponemon-institute/.
