Posted by Heidi Schwartz
Websense, Inc. has released new findings from the global Ponemon Institute survey, “Roadblocks, Refresh, & Raising the Human Security IQ,” which uncovered the communication challenges between IT security professionals and executives. The survey of nearly 5,000 professionals reveals a knowledge and resource gap in the enterprise–leading to an increased level of vulnerability and risk of data security breaches.
“This Ponemon Institute security survey highlights that a lack of communication, education, and inadequate security systems is making it possible for cybercriminals to attack organizations across the globe,” said John McCormack, Websense CEO. “It’s not surprising that many professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”
The “Roadblocks, Refresh, & Raising the Human Security IQ” report revealed a global consensus that organizations must fix the communication gap between the security and executive teams to protect against advanced, data stealing attacks.
Communication Roadblocks between Security Professionals and Executives:
- Thirty-one percent of cyber security teams never speak with their executive team about cybersecurity.
- Of those who did, nearly a quarter (23%) spoke just annually, with a further 19% semi-annually. Only 11% spoke with them quarterly, and 1% spoke weekly.
- Only 38% believe their companies invest enough in skilled personnel and technologies to be effective in executing against their company’s cybersecurity objectives and mission
Security Teams Call for a Complete Security System Refresh:
- Twenty-nine percent of respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity.
- Nearly half (47%) felt frequently disappointed with the level of protection a solution they had procured ended up offering them. Only 12% had never been disappointed by their solutions.
- Fifty-six percent believe a data breach would trigger a change of vendors.
- APT’s and data exfiltration attacks rank as the top fears for professionals.
- Encouragingly, 49% say they are planning on making significant investments and adjustments to their cyber security defenses during the next 12 months.
Raising the Human Security IQ:
- Fifty-two percent of companies do not provide cybersecurity education to their employees, with only 4% planning to do so in the next 12 months.
- Under half (42%) had undergone a cyber threat modeling process in their present role. Of those who did, nearly all, (94%) found it to be important in terms of managing their cyber risk.
- Security professionals feel the top three events that would compel executive teams to allocate more money to cyber security initiates are: exfiltration of intellectual property (67%), data breach involving customer data (53%), and loss of revenues because of system downtime (49%).
“Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”
In addition to the survey results, the report also includes conclusions drawn from the data and recommendations for addressing the gaps in security technology, communication, and education. A full copy of the report, including survey methodology, consolidated results and individual response rates by country is available here .