Chief Information Security Officers (CISOs) are feeling less confident than ever about cyber risk and data security, a new Ponemon Institute survey shows. As today’s climate of high-profile data breaches continues, 66 percent of respondents believe their companies are more likely to fall victim to a cyberattack or data breach in 2018. And, 60 percent are more concerned about a data breach from a third party, such as a partner or vendor.
Sponsored by Opus and conducted by Ponemon Institute in late 2017, the survey reveals insights from 612 CISOs, CIOs and other information security professionals across a broad range of industries.
The top security threat on CISOs’ minds isn’t technology, hackers or malware but the human factor, with 70 percent of CISOs stating that ‘lack of competent in-house staff’ is their number one concern and 65 percent giving ‘inadequate inhouse expertise’ as the top reason they are likely to have a data breach. Many respondents (65 percent) also believe it’s highly likely they’ll experience credential theft due to a careless employee falling for a phishing scam.
Other key factors singled out as likely reasons for data breaches include the inability to protect sensitive and confidential data from unauthorized access (59 percent); inability to keep up with the sophistication of the attackers (56 percent); and failure to control third parties’ use of sensitive data (51 percent).
Disruptive technologies are also a concern, with IoT devices considered the most challenging to secure (60 percent of respondents), followed by mobile (54 percent) and cloud (50 percent).
Despite the risks, less than half believe their IT security budgets will go up.
