80% of security leaders expect to be attacked this year
Four in five security leaders expect a cyber attack to hit their organisations this year, but many are unprepared to defend against emerging threats, an ISACA survey indicates.
More than half (53%) of respondents to the global information security association’s State of Cyber Security study reported a year-over-year increase in cyber attacks last year.
In addition, 78% of respondents reported experiencing malicious attacks that can impair an organisation’s operations and user data.
But many organisations are struggling to keep pace with the evolving threat environment due to a lack of resources. For example, while 62% of respondents reported experiencing ransomware last year, only 53% have a formal process in place to address it.
Fewer than one in three organisations (31%) routinely test their security controls, with 13% never testing them, and 16% do not have an incident response plan, the survey shows.
“There is a significant and concerning gap between the threats an organisation faces and its readiness to address those threats in a timely or effective manner,” ISACA Board Chair Dr Christos Dimitriadis said.
“Cybersecurity professionals face huge demands to secure organisational infrastructure, and teams need to be properly trained, resourced and prepared.”
On the bright side, 65% of organisations surveyed now have a chief information security officer (CISO), up from 50% last year.
But security leaders continue to report difficulties filling open cybersecurity positions, and one in four organisations have training budgets of less than US$1000 ($1335) per cybersecurity team member, limiting their ability to train talent to bridge these skills shortages.
“The rise of CISOs in organisations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign, but it’s not a cure-all,” Dimitriadis said.
“With the number of malicious attacks increasing, organisations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...
