December 10, 2014 By Jaikumar Vijayan 3 min read

In direct contrast to two recent reports suggesting dangerous overconfidence on cybersecurity matters within many organizations, a new report shows that a majority of security leaders actually feel outmatched by their cyberadversaries.

Despite having mature technologies and practices to deal with a range of advanced security threats, close to 60 percent of 138 chief information security officers (CISOs) and senior security executives said in a recent IBM survey that they felt attackers had outstripped their organization’s defensive capabilities.

Deep Apprehension

IBM interviewed the security leaders for its third annual Chief Information Security Officer (CISO) study. The goal of the study, which was conducted by the IBM Center for Applied Insights, is to gain an understanding of how security leaders view the current threat landscape.

What it shows is a deep level of apprehension among CISOs, chief information officers, chief technology officers and others tasked with enterprise information security management functions.

Eight in 10 survey respondents said the number of external threats to their companies was rising, while 40 percent pointed to such threats as their biggest challenge. Much of the concern over external threats appears to be tied to the growing interconnectivity and interactions between enterprises and their business partners, customers and suppliers.

“As enterprise leaders continue to outline business priorities, external threats will require the most organizational effort over the next three to five years — as much as regulations, new technologies and internal threats combined,” the IBM report noted.

In addition to the external threats, many CISOs also pointed to government regulations and rules as a major area of concern. Over 80 of the security leaders surveyed felt that regulations and standards handed down by the government had significantly increased their risk over the past three years. Another area of concern was the uncertainty expressed by many over whether governments would handle regulations and governance issues at a national or a global level.

Mature Security Technologies

Interestingly, the concerns about being outgunned by adversaries existed even though 70 percent of the technology executives surveyed believed their businesses had mature technologies for intrusion prevention, malware detection and network scanning. Slightly more than half of those surveyed said their ability to address security needs was, ironically enough, being strained by the increasing pace of innovation in the security industry.

“Pressured to deploy, integrate and improve current systems, security leaders have little remaining capacity to contemplate developing technologies,” the IBM report said.

Contrasting Sentiments

The findings in the IBM report are at odds with the conclusions of two other recent surveys that showed IT managers expressing a surprising degree of confidence over the preparedness of their security organizations to deal with security threats.

In one of the surveys, conducted by Enterprise Management Associates on behalf of software vendor SolarWinds, 84 percent of 312 IT managers felt their organizations were “very secure” from cyberthreats, though almost the same percentage also admitted to suffering a major security incident in the past year. The other survey of 250 IT professionals by ThreatTrack Security reported 94 percent of the respondents expressing confidence in their ability to deflect cyberattacks, even though a majority had experienced a recent breach.

Preparing for cyberattacks has become a major issue in a year during which numerous companies have reported major data breaches. Following the network intrusion at Target last December that exposed data on 40 million credit and debit cards, there have been numerous other breaches of similar scope over the past 12 months. Such victims include Home Depot, JPMorgan Chase, Community Heath Systems, Kmart and UPS Stores.

The breaches and evolving government regulations are driving a complete reassessment of security strategies at many organizations, IBM noted in its CISO report. The trend has also vaulted security leaders into positions of considerably greater influence at their companies, IBM said.

More from

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today