Companies Expect Cyber-Attacks but Aren’t Prepared
Most security leaders expect a cyber-attack to strike this year, but many of them are unprepared and struggling to keep pace with the threat environment.
53% of the security leaders surveyed reported a year-over-year increase in cyber-attacks for 2016, but only 46% of the respondents have confidence in their cyber-defense teams.
IoT overtook mobile as a primary focus for cyber-defense, as 97% of organizations saw a rise in the use of networked devices. Cyber-security professionals need protocols to safeguard these new threat entry points.
78% of the security leaders surveyed reported malicious attacks that impaired their operations or user data.
62% of respondents reported ransomware attacks, but only 53% have a formal process to address them.
Only 31% of the security leaders surveyed said they routinely test their security controls, and 13% never test them. 16% do not have an incident response plan.
65% of respondents employ a CISO, up from 50% the prior year, but they continue to struggle to fill cyber-security jobs. Only 30% received at least 10 applicants for an open position, and less than half of them were qualified.
Though organizations understand that security training is critical to addressing skills gaps, 25% of surveyed companies have training budgets of less than $1,000 per security team member
Ability to understand the business: 52%
Technical skills: 25%
Communication Skills: 17%
50% of the security leaders surveyed expect budget increases this year, but that’s down from 61% last year.