Survey: What CISOs Worry About in 2018

February 15, 2018
Categories: Compliance

The role of the Chief Information Security Officer (CISO) is not easy, and as 2018 gets underway there are plenty of challenges to address. A recently launched Ponemon and Opus survey – What CISOs Worry About in 2018 – highlights the key concerns and opinions of CISOs and CIOs focusing on information security and cyber-risk.

According to the survey, 67% of respondents believe their companies are more likely to fall victim to a cyber-attack or data breach in 2018 than in previous years. This is due in part to the increasing number of high-profile data breaches that occurred in 2017.

The human factor is the top security threat, with 70% of CISOs calling “lack of competent in-house staff” their number one concern and 65% stating “inadequate in-house expertise” as the top reason they are likely to experience a data breach. Other key factors seen as likely reasons for a data breach include the inability to protect sensitive and confidential data from unauthorized access (59%); inability to keep up with the stealth of the attackers (56%); and failure to control third parties’ use of sensitive data (51%).

In the event of a breach, 56% were worried about an inability to recover sensitive and confidential data. According to the survey, 60% of respondents consider Internet of Things (IoT) devices the most challenging to secure, followed by mobile (54%) and cloud (50%). Even as the technical challenges facing CISOs increase, so does the stress of the role itself. The survey stated that 69% of CISOs anticipate their roles will be even more stressful in 2018, and 45% even fear job loss in the event of a data breach. While negative consequences such as monetary loss and data loss are assumed, reputational damage is also a factor that can weigh heavily on the CISO.

On the positive side, 37% of respondents do see a path to improving their cybersecurity posture. Top improvements CISOs identified included:

  • 65% – cyber-intelligence improvements
  • 61% – improvement in staffing
  • 60% – reduction in complexity
  • 59% – improvement in technologies
  • 54% – cybersecurity leadership

The concerns raised in the survey have only intensified. Some of the concerns, such as stagnant budgets and third-party risks, have remained constant, whereas others, such as the increased stealth and sophistication of attackers, are more recent challenges. To learn more, read the survey here.