The fourth-annual report also provides a year-over-year comparison of 2015 and 2016 and includes regional viewpoints from the United States, Canada, United Kingdom, Australia, Singapore and, for the first time, Japan. The report offers recommendations to help businesses ease employee distress and create higher-performing security teams.
The new study shows that while 53% of respondents report increased pressure in trying to secure their organization, there has been a shift in the source of this stress. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year. This is compared to 46% citing the most people pressure coming from boards, owners and C-level executives, which dropped 13% in the last year. This shift in pressure highlights that individuals may be starting to understand the bigger role they play in helping to enable their organization’s security posture.
? Daunting repercussions for individuals and businesses alike: Forty-two percent of respondents cited their biggest fear following a cyberattack or breach was reputational damage to themselves and their company. This fear took the lead ahead of financial damage to one’s company (38%) and termination (11%).
? Managing on a global scale: Thirty-one percent of respondents partnered with a managed security services provider (MSSP) to help compensate for lack of skilled security professionals, while 26% of respondents are involved in a partnership between in-house teams and an MSSP.
? Quality over quantity: In terms of operational pressure, shortage of security expertise has emerged as the second biggest pressure facing security pros at 15%, behind advanced security threats at 29%. Although companies are facing a large skills gap, 24% of respondents would rather increase the security skills among staff members rather than increase their staff (3%), confirming the desire to grow their skills versus throwing bodies at the pressures they face.
? Computer kidnapping: Thirty percent of respondents rank customer data theft as the most worrisome outcome of a cyberattack or data breach. Next is ransomware, for which 18% of respondents view as the most unsettling post-incident consequence.
? Internal vs. external: Respondents are nearly evenly split on who they are more pressured to protect against, with 51% citing external threats (a drop of 7% from last year) and 49% naming internal threats.
? Progress in prioritizing security over speed: Sixty-five percent of respondents felt pressure to roll out IT projects before they had undergone necessary security checks/repairs, compared to 77% over the previous two years. Thirty-five percent of respondents did not feel pressured to deploy new technology quickly, up 12% from last year.
? Latest and greatest: Pressure to select security technologies containing the latest features dropped from 74% in last year’s report to 64% this year, despite 27% of respondents citing that they lack the proper in-house resources to effectively use them.
“Findings show that the pressures cybersecurity professionals face have become much more personal than in previous years, as executives recognize that pressure does not translate into better performance – instead it may lead to stress, burnout, and faults,” said Chris Schueler, senior vice president of Managed Security Services at Trustwave. “In an era where security talent is at a premium, organizations cannot afford to lose these skilled individuals. My advice to those facing these pressures head on is to no longer think of security as a siloed discipline. To build a successful security program, you must establish both internal and external allies. Partnering with a managed security service provider can help compensate for and amplify areas of your security program that you find too complex or lack the internal resources to address.”