The explosion of interest in cyber security and liability insurance has no better advocate than the security professionals themselves, of whom almost one in three feel their own current enterprise security systems are in need of an overhaul.
The findings from the survey, ‘Roadblocks, Refresh, and Raising the Human Security IQ,’ reveals that 29 per cent of Canadian respondents would do a complete overhaul of their current security system if they had the resources and opportunity.
“This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe,” said John McCormack, Websense CEO. “It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”
The survey, released by Websense, Inc., uncovers the communication challenges between IT security professionals and executives, a desire to overhaul current security systems and limited security knowledge among executives and employees.
The some 250 Canadian IT security professionals who were surveyed revealed a knowledge and resource gap in the enterprise – leading to an increased level of vulnerability and risk of data security breaches. (continued.)
#pb#
“Advanced persistent threats and data exfiltration attacks rank as the top fears for IT security professionals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”
Other countries included in the survey were Australia, Brazil, China, France, Germany, Hong Kong, India, Italy, Mexico, the Netherlands, Singapore, Sweden, United Kingdom and the United States.
Learn more about the global cost of cyber hacking, 'Cyber crime costs the world $484 billion'
Findings revealed a global consensus that organizations must fix the communication gap between the security and executive teams to protect against advanced, data stealing attacks.
Communication Roadblocks between Security Professionals and Executives:
- Twenty-three percent of Canadian cyber security teams never speak with their executive team about cyber security;
- Of those that did, nearly a quarter (23 percent) spoke just annually, with 24 percent speaking semi-annually. Only 13 percent of IT Canadian security professionals surveyed spoke with their executive team quarterly. Two percent spoke weekly; and
- Only 31 percent of Canadian IT and IT security practitioners believe their companies invest enough in skilled personnel and technologies to be effective in executing against their company's cyber security objectives and mission. (continued.)
#pb#
Security Teams Call for a Complete Security System Refresh:
- Twenty-nine percent of Canadian respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity;
- Nearly half (51 percent) felt frequently disappointed with the level of protection a security solution they had procured ended up offering them. Only 13 percent had never been disappointed in their security solutions;
- Forty-four percent believe a data breach would trigger a change of security vendors;
- APT's and data exfiltration attacks rank as the top fears for Canadian IT security professionals; and
- Encouragingly, 46 percent say they are planning on making significant investments and adjustments to their cyber security defences during the next 12 months.
Raising the Human Security IQ:
- Only 31 percent of Canadian IT pros feel that their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission;
- Forty-three percent of Canadian companies do not provide cyber security education to their employees, with only six percent planning to do so in the next 12 months;
- Under half (43 percent) had undergone a cyber threat modelling process in their present role. Of those that did, nearly all (94 percent) found it to be important in terms of managing their cyber risk; and
- Security professionals feel the top three events that would compel Canadian executive teams to allocate more money to cyber security initiates are: exfiltration of intellectual property (70 percent), data breach involving customer data (58 percent), and loss of revenues because of system downtime (46 percent).
How can brokers change the corporate disconnect on potential cyber threats? Click here to find out more.
