Avertium Survey Indicates Two of Five Cybersecurity Professionals Say Their Company Is Under-Prepared to Handle a Data Breach
Volume and Sophistication of Attacks and Complexity of the Cybersecurity Tech Stack Are Top Pain Points
According to the 2019 Cybersecurity and Threat Preparedness Survey, 39 percent of respondents indicate their company is under-prepared to handle a data breach and 66 percent prefer negotiating with a used car salesperson over dealing with a breach. Commissioned by Avertium, a leading provider of managed security and security consulting services, the online survey included responses from 223 cybersecurity and IT executives in the U.S. Key findings highlight attitudes toward new technologies, threat preparedness and investment strategies for 2020.
The Avertium Cybersecurity and Threat Preparedness Survey brings to light the love-hate relationship between security and IT professionals and technology. Most professionals believe technology will be pivotal in the future of cybersecurity with nearly two-thirds (65 percent) of respondents saying that Artificial Intelligence (AI) or Machine Learning (ML) will be able to solve more problems than humans. Despite this belief, only 36 percent have deployed these technologies in their environments. This relatively low adoption rate correlates with two of the top pain points cited by respondents: managing the increasing complexity of the cyber tech stack (76 percent) and the volume and sophistication of hacks (75 percent).
The survey findings also point to the continued criticality of the human element in identifying and addressing cyber threats. More than half (52 percent) report plans to expand the cybersecurity team at their respective companies in 2020.
“Today’s cyberattacks can cost a company well over $1 million per incident. Security leaders that place too much emphasis on the latest technologies are missing out on the other four elements of a sound cybersecurity strategy,” shared Jeff Schmidt, CEO of Avertium. “People are the very first element in a pragmatic cybersecurity strategy with the other four being process, policies, technology and automation and it is good news that more than half of the companies are improving their security posture by adding to in-house capabilities or augmenting it with consultants.”
Training and Education are Critical
Despite the increase in types of attacks and sophistication of hackers, industry professionals’ greatest concerns continue to be phishing (81 percent) and malware (67 percent). To educate employees on preventing exposure to these types of threats, more than 90 percent of companies accounted for in the survey have at least one process in place, including incorporating it in new employee orientation (63 percent) and hosting annual training sessions (46 percent). To share common signs of phishing scams, three-quarters (74 percent) of respondents send email communication and nearly three-fifths (58 percent) conduct regular phishing exercises.
- The top two greatest pain points for cybersecurity professionals are the increasing complexity of cybersecurity tech stacks (76 percent) and the volume and sophistication of hacks (75 percent), with three others in a tie for third place: third-party or partner vulnerability (66 percent), increase in vulnerability due to digital transformation (65 percent) and the cost and complexity of achieving regulatory compliance (65 percent).
- 39 percent believe their company is under-prepared to handle a cyber breach
- On average, companies plan to increase investments by 36 percent in 2020
- 52 percent plan to increase their cybersecurity team in 2020
- 93 percent have formal training in place to educate employees on cyber threats
- Phishing (78 percent) and Malware (62 percent) continue to be the most concerning attacks for companies, and will remain so in 2020 – Phishing (81 percent) and Malware (67 percent)