93 Percent of Corporate Security Officials Say Human Behavior Presents Greatest Threat

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

According to a recent report based on in-depth interviews with 28 corporate security officials, 93 percent of respondents said human behavior presents the biggest threat to their organizations' security, up from 88 percent in a similar survey in 2014.

The report, "Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices," was written by Ari Kaplan Advisors and sponsored by Nuix.

Seventy-one percent of respondents said their organization has an insider threat program or policy, and 14 percent said they allocate 40 percent or more of their budget to insider threats. "There's been a shift in allocation toward looking internally, rather than at the perimeter," one respondent said.

Still, while 93 percent of respondents said they were able to identify their critical value data, only 69 percent said they knew what people did with that data after accessing it.

Among those respondents that have an insider threat program or policy, 90 percent have designated a senior official to provide oversight, and 70 percent offer their employees training to minimize risk.

"We're seeing a lot more hands-on training, employee monitoring, and testing to address the issue," report author Ari Kaplan said in a statement.

Separately, a recent Cybrary survey of 435 senior level technology professionals found that 68 percent of respondents said there's a global shortage of skilled cyber security professionals.

More than 80 percent of respondents said they always or sometimes have trouble recruiting skilled cyber security professionals, for a variety of reasons including lack of skilled cyber security talent in general (40 percent), lack of resources to properly find and attract talent (18 percent), and location of talent (14 percent).

About 47 percent of respondents said their company plans to hire between one and 10 cyber security employees in 2016.

"Companies with pressing cyber security needs are finding that there's a major lack of qualified professionals to fill their positions, which makes them vulnerable to cyber attacks," Cybrary co-founder Ryan Corey said in a statement.

Recent eSecurity Planet articles have looked at bad security habits that drive CISOs crazy, and examined the importance of providing security training to employees.

Submit a Comment

Loading Comments...