For CISOs in the US and UK, relentless, internet-scale threat campaigns and the sense that security teams are ill-equipped to stop them are near-universal pain points.
To better understand security leaders’ prevailing attitude toward the digital threat landscape, RiskIQ surveyed 1,691 CISOs from multiple verticals, including enterprise, consulting, government and education. The results show that with rapidly escalating digital threats now well documented and acknowledged, 89.1% of all information security leaders are concerned about the rise of digital threats. The top three concerns are phishing and malware attacks on employees and customers; brand impersonation, abuse, and reputational damage; and information breaches.
Interestingly, the issue giving CISOs the most anxiety aren’t actually the threats themselves, but a troubling shortage of staff and viable technology that can help stem the tide. As cybercriminals take advantage of vulnerabilities and lax security oversight across a business’s web, social and mobile assets, 67% of respondents claimed not to have sufficient staff to handle the daily barrage of cyber-alerts they receive.
This sentiment aligns with findings in the IDG Connect: 2017 State of Digital Defense Research Report, published in October 2017, which showed that 68% of IT organizations have no to modest confidence to manage digital threats, despite a majority significantly increasing their near-term digital defense investments.
This likely accounts for why 37% of firms have engaged a managed security provider to help monitor and manage cyber-threats.
“A lack of experienced staff to monitor and protect organizations from threat campaigns such as malvertising, phishing, and state-sponsored attacks will only get worse as businesses continue to expand their digital footprints in the pursuit of growing their business,” the firm said in its report.
Unsurprisingly, 60% of respondents expect digital threats to surge as their organizations increase online engagement with customers.