Home →Security →Companies Expect Cyber-Attacks but Aren't Prepared

Companies Expect Cyber-Attacks but Aren't Prepared

By Karen A. Frenkel | Posted 07-21-2017

1 of

Companies Expect Cyber-Attacks but Aren't Prepared

Most security leaders expect a cyber-attack to strike this year, but many of them are unprepared and struggling to keep pace with the threat environment.
Increase in Cyber-Attacks in 2016

53% of the security leaders surveyed reported a year-over-year increase in cyber-attacks for 2016, but only 46% of the respondents have confidence in their cyber-defense teams.
Changing Threat Entry Points

IoT overtook mobile as a primary focus for cyber-defense, as 97% of organizations saw a rise in the use of networked devices. Cyber-security professionals need protocols to safeguard these new threat entry points.
Malicious Attacks

78% of the security leaders surveyed reported malicious attacks that impaired their operations or user data.
Ransomware Thrives

62% of respondents reported ransomware attacks, but only 53% have a formal process to address them.
Security Controls Not Tested Routinely

Only 31% of the security leaders surveyed said they routinely test their security controls, and 13% never test them. 16% do not have an incident response plan.
CISOs Struggle to Fill Jobs

65% of respondents employ a CISO, up from 50% the prior year, but they continue to struggle to fill cyber-security jobs. Only 30% received at least 10 applicants for an open position, and less than half of them were qualified.
Meager Training Budgets

Though organizations understand that security training is critical to addressing skills gaps, 25% of surveyed companies have training budgets of less than $1,000 per security team member
Biggest Skills Gaps

Ability to understand the business: 52% Technical skills: 25% Communication Skills: 17%
Budgets Growth Slows

50% of the security leaders surveyed expect budget increases this year, but that's down from 61% last year.
- Companies Expect Cyber-Attacks but Aren't Prepared
  
  View Slideshow »
View All Slideshows >

According to the "State of Cyber-Security 2017" research study from the Independent Systems Audit and Control Association (ISACA), 80 percent of survey respondents expect a cyber-attack to strike their organization this year, but many remain unprepared and are struggling to keep pace with the threat environment. "There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner," said Christos Dimitriadis, ISACA board chair and group head of information security at Intralot. "Cyber-security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared." The survey compiled information from 600 security leaders around the world. The report is the second part of a series on cyber-security. The first part of this ISACA study was released in January 2017 and reported that security leaders continue to struggle to fill cyber-security positions.

Karen A. Frenkel writes about technology and innovation and lives in New York City.