So what keeps you up at night? If you are a Chief Information Security Office for a major company, it may be the anxiety of losing your job should your employer fall victim to a cyber attack such as a data breach. This was one of the worrisome statistics outlined in the Ponemon Institute’s Megatrend Study that was publicized earlier this year. The many cyber incidents that have dominated the headlines and media outlets over the past couple of years appears to be taking its toll on CISO’s and other C-Suite executives.
The study involved 612 CISOs, CIOs, and other information security professionals.
These apprehensions are not singular to US-based industry professionals. A survey conducted at Infosecurity Europe 2017 showed similar results. In this study, security professionals were asked which company position was most responsible in the event of a company data breach.
Of the respondents,
Recent examples of forced departures include the resignation of Equifax CEO Richard Smith after the disclosure of the massive breach. At Uber, three senior managers in the security unit resigned in the aftermath of the disclosed cover-up in which Uber paid a hacking group to delete the records seized by the perpetrators in a massive data breach involving over 50 million drivers and passengers. Other examples of high-level firings include companies such as Austrian aerospace manufacturer FACC, Sony, Target and Home Depot.
In addition, the public clearly feels that companies should take the hit for data breaches that involve their personal information. In a recent survey of 9,000 consumers surveyed in Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, United Kingdom, and the United States, 70% of respondents assign the responsibility of protecting and securing customer data lies squarely with the companies themselves.
The Ponemon Study clearly shows that the stress of cybersecurity is taking its toll amongst CISOs. Not only do the majority of them feel a cyber attack is imminent, but 66% say that they expect their job to get more stressful in the coming twelve months. More concerning is the fact that
Certainly, the publicity over cyber attacks such as data breaches and ransomware have turned up the heat for these executives. Information overload and increased regulations are also contributing as well. Besides these atmospheric changes, the Ponemon Study outlined some specific concerns expressed by the respondents.
A major concern outlined in the report was the inability to prepare for new types of threats long term due to the bombardment of daily threats and attacks. Malware and phishing attacks continue to be top concerns as phishing remains the primary delivery agent for malware generated data breaches and ransomware attacks. The ability to completely secure the user email experience is a top priority. Besides the implementation of security tools such as modern-day email and web filtering, cybersecurity needs to become a practiced culture within every organization. Until it is, the stress for top-level IT security executives is sure to remain high.
Sign-up for email updates...