Companies Expect Cyber-Attacks but Aren't Prepared
-
Companies Expect Cyber-Attacks but Aren't Prepared
Most security leaders expect a cyber-attack to strike this year, but many of them are unprepared and struggling to keep pace with the threat environment. -
Increase in Cyber-Attacks in 2016
53% of the security leaders surveyed reported a year-over-year increase in cyber-attacks for 2016, but only 46% of the respondents have confidence in their cyber-defense teams. -
Changing Threat Entry Points
IoT overtook mobile as a primary focus for cyber-defense, as 97% of organizations saw a rise in the use of networked devices. Cyber-security professionals need protocols to safeguard these new threat entry points. -
Malicious Attacks
78% of the security leaders surveyed reported malicious attacks that impaired their operations or user data. -
Ransomware Thrives
62% of respondents reported ransomware attacks, but only 53% have a formal process to address them. -
Security Controls Not Tested Routinely
Only 31% of the security leaders surveyed said they routinely test their security controls, and 13% never test them. 16% do not have an incident response plan. -
CISOs Struggle to Fill Jobs
65% of respondents employ a CISO, up from 50% the prior year, but they continue to struggle to fill cyber-security jobs. Only 30% received at least 10 applicants for an open position, and less than half of them were qualified. -
Meager Training Budgets
Though organizations understand that security training is critical to addressing skills gaps, 25% of surveyed companies have training budgets of less than $1,000 per security team member -
Biggest Skills Gaps
Ability to understand the business: 52% Technical skills: 25% Communication Skills: 17% -
Budgets Growth Slows
50% of the security leaders surveyed expect budget increases this year, but that's down from 61% last year.
According to the "State of Cyber-Security 2017" research study from the Independent Systems Audit and Control Association (ISACA), 80 percent of survey respondents expect a cyber-attack to strike their organization this year, but many remain unprepared and are struggling to keep pace with the threat environment. "There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner," said Christos Dimitriadis, ISACA board chair and group head of information security at Intralot. "Cyber-security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared." The survey compiled information from 600 security leaders around the world. The report is the second part of a series on cyber-security. The first part of this ISACA study was released in January 2017 and reported that security leaders continue to struggle to fill cyber-security positions.