Hope is not a strategy, we need more healthy paranoia
35 percent of security experts believe leadership within their organization lacks a healthy paranoia, with 21 percent of leadership “relying on hope as a strategy” to avoid a cyber security breach.
The DomainTools survey, conducted live during the week of Black Hat, indicates that nearly half of those polled worry that the DNA of their organization is not security-driven, citing a lack of situational awareness within the company. Not surprisingly, the number one complaint was that the leadership team was making decisions without involving the security team – those closest to the risk.
Budgets are not keeping pace with the acceleration of cyberthreats, with nearly half (47 percent) of respondents stating their budgets were inadequate for the task at hand and two-thirds of the remaining group stating a desire for more funding above the current “acceptable” levels.
These findings mirror the recent PwC 2015 Global State of Information Security Report, which indicated that although cyber security incidents have increased by 66 percent year-over-year since 2009 and are costing 34 percent more in financial loss since 2013, security budgets have declined 4 percent.
Other key findings of the survey include:
- 40 percent believe infrastructure and tools are an overlooked priority at their company.
- 58 percent of security experts cited a lack of security-focused education within the organization as a top concern.
- Nearly one third of security executives are concerned that leadership views security as an “IT problem”, reinforcing a siloed mentality.
- 40 percent of security executives believe leadership is starving the security team of resources, due in part to an unwillingness to understand how key security initiatives can be used to mitigate potential breaches.
“Despite the general increased awareness about security breaches within the public domain, we were surprised that nearly half of security executives felt their organization lacked a security-centric DNA,” said Tim Chen, CEO of DomainTools. “As we have seen with great clarity over the last 12-24 months, safety of a company’s employees, customers and brand all run through the security organization whether a CEO prefers that or not.”