June 12, 2018 By Shane Schick 2 min read

While much of what happens in a modern business depends on how data moves back and forth across the corporate network, concern about network security has risen by 71 percent in the past year, according to a recent survey of chief information officers (CIOs). Despite this growing awareness, however, only 22 percent of respondents said they felt prepared for a cyberattack.

The report showed that the role of IT leaders, which includes everything from selecting hardware and software applications to digitizing business processes, is more difficult than ever thanks to the ever-expanding list of cybersecurity risk management challenges. In fact, 78 percent of chief information officers (CIOs) described the systems they use for cybersecurity risk management as only “moderately effective.”

Cybersecurity Risk Management Lags Despite Growing Concern

The findings of the “KPMG/Harvey Nash CIO Survey 2018” reflect how security leaders’ perception of data protection has changed given the evolution of cybercrime from random acts of information theft to sophisticated malware, ransomware and distributed denial-of-service (DDoS) attacks. For instance, 77 percent of survey respondents cited the threat of organized cybercrime as their greatest concern.

The survey results revealed a disconnect between the number of CIOs who are worried about their ability to defend corporate networks against malicious third parties and insider threats and the number of security leaders who are taking meaningful action. While 23 percent of respondents said they have increased their emphasis on security since 2017, the number of CIOs who cited managing risk and compliance as an area of focus rose by only 12 percent.

The Skills Gap and GDPR Create New Risk Management Challenges

The report suggested that the cybersecurity skills shortage might be contributing to this disconnect. The dearth of security and resilience skills, for instance, increased by 25 percent year-over-year. The good news, according to the report, is that cybersecurity risk management is quickly becoming a top priority for board directors.

It’s also worth noting that the report’s authors conducted their research as the General Data Protection Regulation (GDPR) was about to take effect. Despite all the cybersecurity risk management requirements included in the regulation, 38 percent of survey respondents admitted that they would not be ready for the since-passed deadline.

More from

ISC2 Cybersecurity Workforce Study: Shortage of AI skilled workers

4 min read - AI has made an impact everywhere else across the tech world, so it should surprise no one that the 2024 ISC2 Cybersecurity Workforce Study saw artificial intelligence (AI) jump into the top five list of security skills.It’s not just the need for workers with security-related AI skills. The Workforce Study also takes a deep dive into how the 16,000 respondents think AI will impact cybersecurity and job roles overall, from changing skills approaches to creating generative AI (gen AI) strategies.Budgets…

Why do software vendors have such deep access into customer systems?

4 min read - To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business making semiconductors and hardware. No one can go it alone.Today, the software supply chain interconnects companies across a wide range of industries. Software applications and operating systems depend on segments of the software…

How CTEM is providing better cybersecurity resilience for organizations

4 min read - Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution.Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they materialize.The importance of developing cybersecurity resilienceRegardless of the industry, all organizations are subject to certain…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today