As we start off the new year, the latest Opus-sponsored Ponemon report reveals CISOs’ top concerns for infosec and cyber risk.
- January 11, 2018
- Pat McParland
Chief information security officers (CISOs) now play an integral role in business, not just in securing internal data, but as key organizational decision makers. The shift makes sense, as digital transformation continues to present businesses with new cybersecurity and data protection challenges.
Just how big are those challenges? In partnership with the Ponemon Institute, Opus conducted a survey of 612 CISOs and information security professionals to find out. The results revealed the top infosec and cyber risks CISOs are worried about for 2018. Not surprisingly, after the year that was 2017, most CISOs believe that cyber threats are getting worse, and that their jobs are becoming much harder. Here’s a breakdown of some of the more revealing pain points.
CISOs’ Top Cyber Risk and Infosec Concerns for 2018
From data breaches to insider threats, most CISOs are worried about not just one main cyber threat, but a few different cybersecurity concerns they believe their organization will face in 2018. The pressure of managing it all is taking its toll.
1. 67% of respondents believe their companies are more likely to fall victim to a cyber attack or data breach in 2018.
Cyber risk and data breaches are a key concern for CISOs as we enter 2018. High-profile data breaches regularly made headlines in the past year and show no signs of slowing down, with 67% concerned they’ll fall victim to a data breach or attack this year. And, 60% of CISOs reported their concerns about data breaches from third parties has increased.
The top factors driving their concerns are their organization’s inability to protect sensitive and confidential data from unauthorized access; inability to keep up with the stealth of the attackers; and failure to control third parties’ use of sensitive data.
2. CISOs find the human factor is the greatest security threat.
We’ve said it before: humans are, well, humans. CISOs are more worried about people making mistakes that lead to a cyberattack than about technology. 70% of CISOs said “lack of competent in-house staff” was the threat they worried most about for 2018 — topping the list over even a data breach or cyber attack. Besides staffing concerns, an organization’s employees are also a major source of cyber risk. 65% of CISOs predict a careless employee will fall victim to a phishing scam that will result in credential theft. Though this is a top concern, 54% of CISOs fear they won’t be able to reduce employee negligence.
3. Securing disruptive technologies will be a major challenge.
The technology landscape is constantly evolving, and CISOs have to keep up with the latest trends as organizations embrace more digital offerings. In the area of disruptive technologies, CISOs consider IoT devices the most challenging to secure, followed by mobile devices and the cloud.
4. Managing an already stressful role with less resources and more cyber risk.
CISOs face the daily pressure of keeping company and customer information secure while also supporting business growth. Not surprisingly, the stress is taking a toll. 69% of CISOs anticipate their roles will be even more stressful in 2018. This is due in part to increasing cyber threats, information security budgets that will decline or remain flat, and the significant costs in the event of a data breach. 45% fear they will lose their job, and 56% believe they will be unable to recover sensitive and confidential data after a breach. These concerns are even pushing CISOs out of IT security positions completely.
It’s not all bad news, however. Despite the clear and imminent cyber risks, some CISOs see a path forward for improving their cybersecurity posture — 37% of respondents, in fact. The top pathways to stronger cybersecurity include cyber intelligence improvements, improvement in staffing, reduction in complexity and improvement in technologies. Though 2017 was a dismal year for the infosec community, perhaps lessons learned will help spur organizations to better risk management.
CISOs and Third-Party Risk
At Opus, we focus on providing organizations with solutions for third party risk management. One recurring concern CISOs cited in the study was the risk associated with doing business with third party vendors and suppliers. 42% of CISOs worry about experiencing a third-party data breach, and 44% worry that a third party will misuse or share confidential information with other third parties.
Their concerns are legitimate. Third-party data breaches are up 7% over last year, with major, globally-recognized companies falling victim. Fortunately, there are ways to reduce risk by following third party risk management best practices. CISOs are recognizing this reality. 42% believe better visibility into the sensitive data accessed and used by third parties, vendors, business partners and contractors would improve an organization’s cybersecurity.
Organizations are at a critical juncture when it comes to managing information security and cyber risk. Failure to do so results in huge reputational damage, loss of customers and revenue, and, increasingly, more compliance fines. Supporting CISOs and listening to their concerns may just be the best way forward for a more secure global business community.
Download the full Ponemon report: What CISOs Worry About in 2018.
Dr. Larry Ponemon will join Opus VP of Innovation & Alliances Dov Goldman on January 16th for a webinar to review the findings of the full report. Reserve your spot for Webinar: What’s Worrying CISOs in 2018?
Want to find out more about how Opus can Free Your BusinessⓇ from third party risk? Learn more about our third-party risk management software.