Most businesses now recognize internet security as a real concern, yet new research has found that just 1 in 7 security chiefs report directly to their CEO.
An ISACA and RSA Conference report titled State of Cybersecurity: Implications for 2016 found that 82% of information security professionals feel that their board of directors is either concerned or very concerned about cybersecurity, yet those fears are not being reflected in the boardroom.
“While there are signs that C-level executives increasingly understand the importance of cybersecurity, there are still opportunities for improvement,” said Jennifer Lawinski, Editor-in-Chief, RSA Conference. “The majority of CISOs still report to CIOs, which shows cybersecurity is viewed as a technical rather than business issue. This survey highlights the discrepancy to provide an opportunity for growth for the infosec community in the future.”
Despite not being a priority at board level, the majority of industry experts are preparing for the worst, with 74% of those surveyed expecting a cyberattack in 2016. As reported by Business Wire, as many as 30% also said they experience phishing attacks every day, the likes of which exposed the financial details of Snapchat employees earlier this week.
Confidence is also on the wane, with the last year seeing a 12-point drop in the percentage of security professionals who are confident in their team’s ability to detect and respond to incidents.
This is reflected in what the report describes as a 'situational unawareness' within the industry. For instance, 24% of professionals who reported that cybersecurity is their primary responsibility said that they did not know whether any security credentials were stolen in 2015. 23% did not know whether their company had experienced an advanced persistent threat (APT) attack, and 20% didn't know whether corporate assets had been hijacked for botnet use.
The report's findings serve as a fresh reminder of the need for education around cybersecurity, although there were signs that awareness is growing. 61 percent of professionals said they expected their cybersecurity budget to increase in 2016 and 75 percent said their organization’s cybersecurity strategy now aligns to enterprise objectives.
To read the report in full, download the whitepaper from ISACA's website.