While much of what happens in a modern business depends on how data moves back and forth across the corporate network, concern about network security has risen by 71 percent in the past year, according to a recent survey of chief information officers (CIOs). Despite this growing awareness, however, only 22 percent of respondents said they felt prepared for a cyberattack.

The report showed that the role of IT leaders, which includes everything from selecting hardware and software applications to digitizing business processes, is more difficult than ever thanks to the ever-expanding list of cybersecurity risk management challenges. In fact, 78 percent of chief information officers (CIOs) described the systems they use for cybersecurity risk management as only “moderately effective.”

Cybersecurity Risk Management Lags Despite Growing Concern

The findings of the “KPMG/Harvey Nash CIO Survey 2018” reflect how security leaders’ perception of data protection has changed given the evolution of cybercrime from random acts of information theft to sophisticated malware, ransomware and distributed denial-of-service (DDoS) attacks. For instance, 77 percent of survey respondents cited the threat of organized cybercrime as their greatest concern.

The survey results revealed a disconnect between the number of CIOs who are worried about their ability to defend corporate networks against malicious third parties and insider threats and the number of security leaders who are taking meaningful action. While 23 percent of respondents said they have increased their emphasis on security since 2017, the number of CIOs who cited managing risk and compliance as an area of focus rose by only 12 percent.

The Skills Gap and GDPR Create New Risk Management Challenges

The report suggested that the cybersecurity skills shortage might be contributing to this disconnect. The dearth of security and resilience skills, for instance, increased by 25 percent year-over-year. The good news, according to the report, is that cybersecurity risk management is quickly becoming a top priority for board directors.

It’s also worth noting that the report’s authors conducted their research as the General Data Protection Regulation (GDPR) was about to take effect. Despite all the cybersecurity risk management requirements included in the regulation, 38 percent of survey respondents admitted that they would not be ready for the since-passed deadline.

More from

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today

WannaCry wasn't a particularly complex or innovative ransomware attack. What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry "ransomworm" hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide. While the discovery of a "kill switch" in the code blunted the spread of the attack and newly…