December 10, 2014 By Jaikumar Vijayan 3 min read

In direct contrast to two recent reports suggesting dangerous overconfidence on cybersecurity matters within many organizations, a new report shows that a majority of security leaders actually feel outmatched by their cyberadversaries.

Despite having mature technologies and practices to deal with a range of advanced security threats, close to 60 percent of 138 chief information security officers (CISOs) and senior security executives said in a recent IBM survey that they felt attackers had outstripped their organization’s defensive capabilities.

Deep Apprehension

IBM interviewed the security leaders for its third annual Chief Information Security Officer (CISO) study. The goal of the study, which was conducted by the IBM Center for Applied Insights, is to gain an understanding of how security leaders view the current threat landscape.

What it shows is a deep level of apprehension among CISOs, chief information officers, chief technology officers and others tasked with enterprise information security management functions.

Eight in 10 survey respondents said the number of external threats to their companies was rising, while 40 percent pointed to such threats as their biggest challenge. Much of the concern over external threats appears to be tied to the growing interconnectivity and interactions between enterprises and their business partners, customers and suppliers.

“As enterprise leaders continue to outline business priorities, external threats will require the most organizational effort over the next three to five years — as much as regulations, new technologies and internal threats combined,” the IBM report noted.

In addition to the external threats, many CISOs also pointed to government regulations and rules as a major area of concern. Over 80 of the security leaders surveyed felt that regulations and standards handed down by the government had significantly increased their risk over the past three years. Another area of concern was the uncertainty expressed by many over whether governments would handle regulations and governance issues at a national or a global level.

Mature Security Technologies

Interestingly, the concerns about being outgunned by adversaries existed even though 70 percent of the technology executives surveyed believed their businesses had mature technologies for intrusion prevention, malware detection and network scanning. Slightly more than half of those surveyed said their ability to address security needs was, ironically enough, being strained by the increasing pace of innovation in the security industry.

“Pressured to deploy, integrate and improve current systems, security leaders have little remaining capacity to contemplate developing technologies,” the IBM report said.

Contrasting Sentiments

The findings in the IBM report are at odds with the conclusions of two other recent surveys that showed IT managers expressing a surprising degree of confidence over the preparedness of their security organizations to deal with security threats.

In one of the surveys, conducted by Enterprise Management Associates on behalf of software vendor SolarWinds, 84 percent of 312 IT managers felt their organizations were “very secure” from cyberthreats, though almost the same percentage also admitted to suffering a major security incident in the past year. The other survey of 250 IT professionals by ThreatTrack Security reported 94 percent of the respondents expressing confidence in their ability to deflect cyberattacks, even though a majority had experienced a recent breach.

Preparing for cyberattacks has become a major issue in a year during which numerous companies have reported major data breaches. Following the network intrusion at Target last December that exposed data on 40 million credit and debit cards, there have been numerous other breaches of similar scope over the past 12 months. Such victims include Home Depot, JPMorgan Chase, Community Heath Systems, Kmart and UPS Stores.

The breaches and evolving government regulations are driving a complete reassessment of security strategies at many organizations, IBM noted in its CISO report. The trend has also vaulted security leaders into positions of considerably greater influence at their companies, IBM said.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today