In preparation for the US State of the Union address in 2015, the Information Systems Audit and Control Association (ISACA) surveyed 3,439 ISACA members for the 2015 Global Cybersecurity Status Report to gain a better understanding of the largest concerns in the cybersecurity field in response to plans outlined in President Obama’s cybersecurity address. The thousands of global respondents include IT professionals specializing in audits, governance and cybersecurity, and their answers reveal some shocking insights into how prepared businesses are to deal with potential cyber attacks, the workforce supply of cybersecurity professionals and the concerns companies have about their cybersecurity status. Below are five points which we found especially concerning.
1. Organizations Expect a Cyber Attack
2015 was an eye-opener for many organizations about the potential threat of cyber attacks. With breaches of Anthem, Ashley Madison, Sony Pictures, T-Mobile, CIA Director John Brennan’s personal email account, and more, nearly 300 million records were leaked and over $1 billion stolen, according to Tech Insider. For obvious reasons, to many organizations it is no longer a question of if a cyber attack will happen; it’s a question of when. According to ISACA, 46% of companies expect a cyber attack, 30% are unsure of whether they’re expecting an attack and only 24% have no expectations of being hit with an attack. Luckily, fear has caused action and 53% of organizations are increasing their staff’s cybersecurity awareness training.
2. Organizations are Unprepared for Sophisticated Cyber Attacks
Although nearly half of companies expect a cyber attack and more than half are making efforts to better protect themselves, few are confident that they are prepared to handle a sophisticated attack. Only 38% of IT professionals surveyed by ISACA feel prepared to deal with cyber attacks, while 34% feel completely unprepared. The stakes in thwarting cybercriminals are high, especially as mobile and IoT gain prominence in the business world. With as much as $300 million being stolen from over 100 financial institutions in 2015, according to the New York Times, this type of uncertainty could cost companies much more than they can recover.
3. Respondents are Equally Concerned About Cyber Attacks and Terrorist Attacks
Cyber attacks may target an individual, an organization or an entire nation. ISACA took this into account when conducting their survey and their findings are fascinating. While only 5% of respondents were not at all concerned with the possibility of a cyber attack or terrorist attack, 48% of respondents were equally concerned about either attack. Perhaps more interesting is that 36% of respondents were more concerned with cyber attacks alone while only 11% were more concerned with a physical attack, making it very apparent how crucial the internet has become as, possibly, our biggest individual and global asset.
4. Cyber Attacks are at the Top of the Threat List for Organizations
It may not come as such a surprise after finding #3, but companies agreed that cyber attacks were among the top three threats facing businesses in 2015. In the last five years, an increasing number of cyber attacks have shown that no matter how big the company, it is still vulnerable to cybercriminals, which is likely why 83% of respondents surveyed said that cyber attacks were at the top of the list of largest threats to their company/organization.
5. Companies are Struggling to Find Cybersecurity Professionals
The most agreed-on point of the survey: there is a lack of trained professionals in the cybersecurity industry, a key element holding many companies back from improving their cybersecurity efforts. 86% of respondents agree that there is a major shortage of cybersecurity professionals. Only 3% of those surveyed thought finding skilled candidates wouldn’t be an issue. Even entry-level cybersecurity positions present recruiting difficulty for organizations, as 54% of companies have problems gauging how technically competent college graduates are in the cybersecurity field.
Every business will face many cybersecurity challenges in the coming years. Preparing appropriately by working on hiring practices that better identify how knowledgeable candidates are, allocating IT budgets for cybersecurity measures and training organizations for cyber attacks with awareness campaigns relevant to their position can help protect an organization when an intrusion occurs. These shocking findings from the 2015 Global Cybersecurity Status Report reveal just how critical these measures are.