Only 30 Percent of Firms are Confident They Can Avoid a Major Security Event in the Next Two Years
The Cybersecurity FutureWatch 2018 research report says that in terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 percent are optimistic in their firm’s ability to cope with a breach. This is in stark contrast to technical leaders on the front lines, who are approximately 20 percent more likely to predict an attack. While confidence appeared high on the surface, it waned significantly when respondents were asked in detail about their firm’s preparedness: only about a third (33 percent) are confident that high-value assets and data are adequately protected and even fewer are confident their security teams have access to the appropriate resources (30 percent) or that they are spending adequately on security (29 percent).
Other findings from the report include:
- AI and IoT Will Overtake Cloud as Biggest Emerging Technology Risk – While the majority of organizations actively adopt emerging technologies, with cloud leading the charge (72 percent), the overall risk posed by cloud over the next three years drops by nearly 20 percent. The risks posed by the adoption of artificial intelligence doubles over the next three years and IoT/IIoT risks also rise nearly 30 percent.
- Compliance No Longer Considered the Top Consequence – Operational disruption (66 percent), reputational damage and significant financial losses (54 percent) lead regulatory penalties (40 percent) as top consequences of a major security event. This trend will likely mark a shift from compliance-centric security to newer strategies that detect active attacks and reduce the risk of a business-altering outcome.
- The CISO-Board Connection Grows Stronger – More than half of respondents indicate their board is very familiar with the security budget (51 percent), overall strategy (57 percent), policies (58 percent), technologies (53 percent), and review current security and privacy risks (51 percent). Moreover, 45 percent of security officers report to the board or CEO, marking a sign of greater security maturity when compared to the 33 percent that continue to report to the CIO and 10 percent that report to a privacy or data officer.