A global survey, commissioned by Bitdefender and conducted among 6,086 infosec professionals in July 2019 across the UK, US, Australia, New Zealand, Germany, France, Italy and Spain, reveals that 58% are worried about the readiness of their organization in dealing with a global cyberattacks. Six in every ten businesses have experienced a breach in either in the last three years.
At least a third of infosec professionals (36%) whose employers had not recently been a victim of a cyberattack also believe that it is likely that they are currently facing one without knowing about it. According to this ‘Bitdefender Hacked Off! Study’, it might be an indicator of a bumper year for breaches, as the total number of organizations reporting breaches in 2018 only came to 32%.
Against the backdrop of an increasingly complex and fast-moving threat landscape, infosec professionals are acutely aware of the risks their organizations face. Almost half (49%) report that they are kept awake at night worrying about their organization’s cybersecurity. More than half (58%) are also worried about the readiness of their organization in dealing with a global cyberattack.
Key Executives, Security Compliance
More than a third of survey respondents report that there is a lack of cybersecurity understanding from general employees. There’s also a problem at the top of organizations. C-Suite support would be minimal, with as many as 57% of infosec professionals revealing that key executives are the least likely to comply with organizational cybersecurity policy – either pushing back on, or completely disregarding the rules.
Furthermore, infosec professionals are suffering from breach fatigue. On average, over half (53%) of endpoint detection and responses are false alarms, and 49% of infosec professionals say their team experience both and agent fatigue. Their stress levels are high. This is compounded by the belief that 73% of them think their organization is more at risk of a cyberattack because they are under-resourced. This is higher (78%) for companies employing more than 1,000 people.
Despite the need for improvements, 57% of infosec professionals rate their organizations’ cybersecurity either very good or excellent.
“According to respondents, resources are such a stressor that 53% of infosec professionals have contemplated leaving their job due to under-resourcing in terms of staff,” said Liviu Arsene, Global Cybersecurity Researcher at Bitdefender. “Resources are in fact such a bugbear that infosec pros say the main obstacles to their organizations’ strengthening their cybersecurity posture are a lack of budget and a lack of skilled personnel.”
Cyberattack Detection
There would be a desperate need for the speed of response to increase. Almost one in three infosec professionals (29%) reveal that it would take a week or longer to detect an advanced cyberattack. This is higher (39%) among those that are in organizations that provide info security training & support – which is quite surprising, as the main obstacles that prevent rapid incident detection and response are identified as being ‘lack of knowledge’ and a ‘lack of proper security tools’ (both 36%). There’s also a catch in breach identification. Only three in every one hundred infosec professionals reported that 100% of advanced attacks can be efficiently detected and isolated. For three in every ten companies (31%), the figure is less than half – which would prove that there is vast room for improvement.
The need for speed in detection and response to threats is born from the very real consequences that companies face if their cybersecurity is not up to scratch. The fallout from being unaware of an on-going breach, according to infosec professionals, would be ‘business interruption’ (43%), ‘reputational cost’ (38%), and a ‘loss of revenue’ (37%). But, what’s most concerning to infosec professionals is the loss of customer trust. More than a third (37%) say it is their biggest concern.
About the Research
The Bitdefender Hacked Off! Study represents a broad cross-section of organizations and industries, from SMEs through to publicly listed 10,000+ person enterprises. The report (Adobe PDF link) details the pressures faced by IT professionals, how these pressures impact the effectiveness of security measures, as well as analyzing the best strategies to keep organizations safe. All audience members utilize and/or have decision-making power over data security solutions and software security products. The interviews were conducted online by Sapio Research in July 2019 using an email invitation and an online survey.
