The majority of senior-level IT professionals fully expect their organization will experience a catastrophic data breach that could greatly impact shareholder value, according to a study conducted by the Ponemon Institute.
Is cybersecurity a strategic priority? (Yes responses)
The 2018 Global Megatrends in Cybersecurity survey of 1,100 senior-level IT and IT security global practitioners also shows that despite growing threats, IT professionals believe cybersecurity is still not considered a strategic priority among senior leadership.
“Our hope is that CISOs and senior leaders can use this report as a tool to start a deep dialogue about the critical need for cybersecurity within their organizations,” said Raytheon Chairman and CEO Thomas A. Kennedy. “Every day the cyber threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors. To reduce risks, leaders must urgently work with their IT teams to identify potential vulnerabilities, develop an action plan and make the investments needed to protect the value of their organization.”
The study looks at how cyber trends have evolved since 2015. It also asks security professionals in the U.S., Europe, Middle East and North Africa to identify future trends over the next three years. Key findings include:
- 82% of respondents predict their workplace will suffer a catastrophic data breach in the next three years as a result of unsecured IoT devices. 66% say such an attack would seriously diminish shareholder value.
- 67% believe cyber extortion, such as ransomware and data breaches will increase in frequency and payout.
- 60% predict nation-state attacks against government and commercial organizations will worsen and could potentially lead to a cyber war.
- 46% believe their cybersecurity strategy will improve, down from 59% in 2015.
- 60% expect their companies will have to spend more to achieve regulatory compliance and respond to lawsuits and litigation.
Despite growing concerns about sophisticated and persistent cyber threats, only 36% of respondents believe senior leadership consider cybersecurity a strategic priority. Senior leadership are also seen as seemingly disengaged in the oversight of their organization’s cybersecurity strategy with 68% of CISO/IT executives surveyed saying their Boards are not being briefed on measures taken to prevent or mitigate the consequences of a cyberattack.
Predictions about technologies and practices (Strongly agree and Agree responses combined)
“Conversations around cybersecurity resiliency are happening among our nation’s top intelligence chiefs, yet business leaders still have not made cybersecurity a business priority,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “This important research reveals an urgent need for executives to appropriately address cyber threats against their organizations.”