Given all the high-profile cybersecurity attacks making headlines these days, it’s easy to conclude that organizations are still not making cybersecurity a high enough priority. However, a survey of 867 senior executives conducted by Infosys representing 847 firms from 12 industries, with annual revenues of more than $500 million across U.S., Europe, Australia and New Zealand (ANZ) find that 83% now view cybersecurity as critical.New survey: 847 firms, 12 industries, hundreds of millions of dollars in annual revenue, but only 83% of senior executives view #cybersecurity as critical to the business. @mvizard #infosecClick To Tweet
Furthermore, over two-thirds (66%) claim to have implemented a well-defined enterprise-wide strategy and roadmap.
The definition of well-defined security is, of course, going to be in the eye of the beholder. Nevertheless, the survey suggests organizations are finally doing more than just throwing technology at the problem. The survey finds more than half of organizations in addition to acquiring technology are also investing in training/certifications (61%), enablement sessions (54%) and creating security awareness among employees (51%).
In terms of technology initiatives, the survey finds the top three areas organizations are investing in network segregation (65%), threat intelligence platforms (57%), and advanced threat protection (55%). Longer term, survey respondents cited artificial intelligence (41%), privacy and personal data protection (35%) and blockchain and deception technologies (33%) as technologies likely to have the most impact on their cybersecurity strategy.
Finally, the three industry sectors that are specifically cited cybersecurity as being a critical element of their digital transformation journey are manufacturing (87%), energy and utilities (85%) and banking, financial services and insurance (83%).New survey: Of the organizations investing in both processes and technologies, only a little more half are doing anything meaningful in terms of acting on #cybersecurity concerns. @mvizard #infosecClick To Tweet
Based on these results, cybersecurity professionals can take some satisfaction in the fact that so many business leaders now at least understand how critical cybersecurity is. The thing that remains frustrating is based on the number of organizations investing in both processes and technologies only a little more half of the organizations surveyed are doing anything meaningful in terms of acting on those concerns. As a rough estimate, there’s only slightly better than a one in two chance cybersecurity professionals will find themselves working for an organization that truly gets cybersecurity. As disappointing as that may seem, it does represent a massive amount of progress compared to where appreciation of cybersecurity was just a few short years ago.
Before taking a new job, savvy cybersecurity professionals should come up with a list of specific questions they should ask prospective employers to answer during the interview process. After all, given the demand for cybersecurity professionals the hiring process these days is as much about security professionals interviewing employers than it is the other way around. The questions should also focus as much on the soft processes being put in place as much as they do the technology investments being made.
The primary reason most cybersecurity professionals will leave one organization for another is almost always salary. However, frustration is often a close second. Most cybersecurity professionals are not going to be content if they feel powerless to stop incursions. Worse yet, many times they are blamed for breaches that, despite all their warnings, they do not have the tools and processes in place to prevent. The good news is that there are clearly now more organizations that clearly appreciate cybersecurity professionals. The challenge now is separating the organizations that are merely talking a good game versus actually playing to win.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.