The Ponemon Institute surveyed more than 500 CISOs about their organizations' cyber-risks in 2018 and found growing concerns for the coming year. The skills shortage amid looming data breaches and cyberattacks ranked high on that list, according to the CISO survey, with 70% of respondents citing lack of adequate in-house staff as the top threat in 2018 and 67% indicating their company was more likely in 2018 to suffer a data breach or cyberattack.
In addition to worries about in-house expertise, more than half of CISOs cited an inability to protect sensitive data from unauthorized access, an inability to keep up with the "sophistication and stealth" of hackers, and a failure to control third parties' use of sensitive data as potential reasons for more data breaches.
Information security budgets in 2018 do not reflect growing security concerns. One-third of the CISO survey respondents pointed to inadequate funding. IT security budgets for the majority of organizations have stayed flat since last year, according to 40% of the CISOs surveyed; 36% projected an increase in 2018, while 23% expected their information security budgets to decline.
Disruptive technologies such as the internet of things also ranked high among CISOs' concerns, with 47% of respondents worried about a potential breach due to their organization's failure to secure IoT devices in the workplace. IoT, mobile and cloud ranked as the top three disruptive technologies for companies to secure in 2018. Social media and blockchain (Bitcoin) were farther down the list, cited by fewer than 25% of CISO survey respondents.
Half of respondents in the CISO survey anticipated higher involvement in security practices by the board of directors in 2018. While that is good news for many companies, 66% of CISOs said they expected the job to get more stressful in 2018. Moreover, 44% indicated that they planned to make a lateral move in their organization outside of IT security, and 40% said they expected to change careers in 2018. More results from the Ponemon survey, which was sponsored by Opus, can be found here.