According to the results of a recent survey of 597 U.S. IT and IT security professionals, 34 percent of respondents said C-level executives are never updated on security incidents, 36 percent said they’re only updated on a need-to-know basis, 23 percent said they’re only updated annually, and just 7 percent said they’re updated weekly or monthly.
The survey, conducted by the Ponemon Institute on behalf of Cyphort, also found that just 36 percent of respondents believe IT has the information required to make the C-suite aware of the potential risks posed by cyber threats, and of whether or not the organization has a strong security posture. As a result, just 47 percent of respondents said C-level executives are concerned about cyber attacks against their companies.
Still, 63 percent of respondents said their companies had been the victims of one or more advanced attacks in the past year.
Just 39 percent of respondents rate their ability to detect a cyber attack as highly effective, only 30 percent rate their ability to prevent cyber attacks as highly effective, and just 17 percent rate their ability to prioritize alerts as highly effective.
“[D]espite such catastrophic data breaches as Target and Sony, cyber threats are not getting appropriate attention from senior leadership they deserve,” Ponemon Institute chairman and founder Larry Ponemon said in a statement. “Companies are still struggling to have an effective strategy to prevent and detect malware and advanced threats.”
The key barriers to remediation of advanced threat attacks, the survey found, are lack of visibility of threat activity across the enterprise (76 percent), inability to prioritize threats (63 percent), and lack of in-house expertise (55 percent).
A separate survey of 350 U.S. IT professionals, conducted by Research Now on behalf of Barkly, found that only 50 percent of respondents are confident in their current endpoint solution, and 54 percent don’t believe their organization can effectively measure security ROI.
Almost one in five respondents believe that effective endpoint security is impossible.
Forty-one percent of respondents said they’re dissatisfied with their current security solution because it slows down their system. Other reasons for dissatisfaction with current solutions are that they require too many updates (36 percent), are too expensive (33 percent), and provide no protection against zero-day attacks (33 percent).
Just 25 percent of respondents said they’re confident in their colleagues’ security awareness. And while 40 percent of IT pros believe security is an essential priority for their organization, only 26 percent of executives believe the same.
“This report proves that from the CISO to the entry-level IT pro, organizations must be better aligned when it comes to security,” Barkly co-founder and CTO Jack Danahy said in a statement. “When there’s a disconnect in priorities, level of understanding and measurement, even a seemingly strong security initiative is destined to fail. Once teams understand each other’s priorities and concerns around security, they can implement the tools they really need, that will best protect their endpoints from ever-increasing, complex threats.”
A separate survey of 150 IT and IT security professionals, conducted by the Enterprise Strategy Group on behalf of Tufin, found that 63 percent of respondents said network security operations has become more difficult over the past two years.
Key drivers cited for the increase in difficulty were the addition of more devices to the network (55 percent), increases in the number of networking and security technologies in use (52 percent), and the deployment of numerous new applications (50 percent).
Recent eSecurity Planet articles have offered 6 tips for CISOs selling security to the board, and asked 3 questions every CISO should answer.