40% of IT security teams keep executives in the dark
A new survey uncovered the communication challenges between IT security professionals and executives, a desire to overhaul current security systems and limited security knowledge among executives and employees, according to Websense.
The survey of nearly 5,000 global IT security professionals reveals a knowledge and resource gap in the enterprise- leading to an increased level of vulnerability and risk of data security breaches.
The report surveyed IT security practitioners with an average of 10 years’ experience in the field from 15 countries: Australia, Brazil, Canada, China, France, Germany, Hong Kong, India, Italy, Mexico, the Netherlands, Singapore, Sweden, United Kingdom and the United States. Findings reveal a global consensus that organizations must fix the communication gap between the security and executive teams to protect against advanced, data stealing attacks.
Communication roadblocks between security professionals and executives:
- Two-fifths of UK cyber security teams (40 percent) never speak with their executive team about cyber security, compared to 31 percent globally.
- Of those that did, nearly a quarter (22 percent) spoke just annually, with a further 15 percent biannually.
- Only 42 percent believe their companies invest enough in skilled personnel and technologies to be effective in executing against their company’s cyber security objectives and mission, compared to 38 percent globally.
Security teams call for a complete security system refresh:
- Over a third of the UK respondents (36 percent) would do a complete overhaul of their current enterprise security system if they had the resources and opportunity, compared to 29 percent of their global compatriots.
- Half the UK respondents felt frequently disappointed with the level of protection a security solution they had procured ended up offering them, compared to 47 percent globally. Only one in eight (12 percent) had never been disappointed in their security solutions.
- Nearly two thirds of UK security professionals (64 percent) believe a data breach would trigger a change of security vendors, compared to 56 percent globally.
- APTs and data exfiltration attacks rank as the top fears for IT security professionals.
- Encouragingly, 49 percent say they are planning on making significant investments and adjustments to their cyber security defences during the next 12 months.
Raising the human security IQ:
- Only two-fifths of UK respondents (42 percent) feel that their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission, compared to 38 percent globally.
- Over half the UK respondents’ companies (54 percent) do not provide cybersecurity education to their employees, compared to 52 percent globally. Only 4 percent plan to do so in the next 12 months.
- Only around one third of the UK firms (36 percent) had undergone a cyber threat modelling process in their present role. Of those that did, nearly all (94 percent) found it to be important in terms of managing their cyber risk.
- Security professionals feel the top three events that would compel executive teams to allocate more money to cyber security initiates are: Exfiltration of intellectual property (85 percent), data breach involving customer data (52 percent of respondents) and loss of revenue because of system downtime (49 percent), which is a similar trend globally.
“Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”