Shift in cybersecurity pressures from the boardroom to individual professionals

Trustwave has released its 2017 Security Pressures Report, based on a global survey of 1,600 information security decision makers that measures the immense pressure in-house cybersecurity professionals face and the key drivers behind that pressure.

  • 7 years ago Posted in
The fourth-annual report also provides a year-over-year comparison of 2015 and 2016 and includes regional viewpoints from the United States, Canada, United Kingdom, Australia, Singapore and, for the first time, Japan. The report offers recommendations to help businesses ease employee distress and create higher-performing security teams.
 
The new study shows that while 53% of respondents report increased pressure in trying to secure their organization, there has been a shift in the source of this stress. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year. This is compared to 46% citing the most people pressure coming from boards, owners and C-level executives, which dropped 13% in the last year. This shift in pressure highlights that individuals may be starting to understand the bigger role they play in helping to enable their organization’s security posture.
 
Other key findings from the 2017 Security Pressures Report from Trustwave include:
 
?      Daunting repercussions for individuals and businesses alike: Forty-two percent of respondents cited their biggest fear following a cyberattack or breach was reputational damage to themselves and their company. This fear took the lead ahead of financial damage to one’s company (38%) and termination (11%).
?       Managing on a global scale: Thirty-one percent of respondents partnered with a managed security services provider (MSSP) to help compensate for lack of skilled security professionals, while 26% of respondents are involved in a partnership between in-house teams and an MSSP.
?       Quality over quantity: In terms of operational pressure, shortage of security expertise has emerged as the second biggest pressure facing security pros at 15%, behind advanced security threats at 29%. Although companies are facing a large skills gap, 24% of respondents would rather increase the security skills among staff members rather than increase their staff (3%), confirming the desire to grow their skills versus throwing bodies at the pressures they face.
?       Computer kidnapping: Thirty percent of respondents rank customer data theft as the most worrisome outcome of a cyberattack or data breach. Next is ransomware, for which 18% of respondents view as the most unsettling post-incident consequence.
?       Internal vs. external: Respondents are nearly evenly split on who they are more pressured to protect against, with 51% citing external threats (a drop of 7% from last year) and 49% naming internal threats.
?       Progress in prioritizing security over speed: Sixty-five percent of respondents felt pressure to roll out IT projects before they had undergone necessary security checks/repairs, compared to 77% over the previous two years. Thirty-five percent of respondents did not feel pressured to deploy new technology quickly, up 12% from last year.
?       Latest and greatest: Pressure to select security technologies containing the latest features dropped from 74% in last year’s report to 64% this year, despite 27% of respondents citing that they lack the proper in-house resources to effectively use them.
 
“Findings show that the pressures cybersecurity professionals face have become much more personal than in previous years, as executives recognize that pressure does not translate into better performance –  instead it may lead to stress, burnout, and faults,” said Chris Schueler, senior vice president of Managed Security Services at Trustwave. “In an era where security talent is at a premium, organizations cannot afford to lose these skilled individuals. My advice to those facing these pressures head on is to no longer think of security as a siloed discipline. To build a successful security program, you must establish both internal and external allies. Partnering with a managed security service provider can help compensate for and amplify areas of your security program that you find too complex or lack the internal resources to address.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...