2017 Security Pressures Report Shows 53% of Respondents Face Increased Overall Pressure to Secure their Business
CHICAGO - April 12, 2017 - Trustwave today released its 2017 Security Pressures Report, based on a global survey of 1,600 information security decision makers that measures the immense pressure in-house cybersecurity professionals face and the key drivers behind that pressure. The fourth-annual report also provides a year-over-year comparison of 2015 and 2016 and includes regional viewpoints from the United States, Canada, United Kingdom, Australia, Singapore and, for the first time, Japan. The report offers recommendations to help businesses ease employee distress and create higher-performing security teams.
The new study shows that while 53% of respondents report increased pressure in trying to secure their organization, there has been a shift in the source of this stress. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year. This is compared to 46% citing the most people pressure coming from boards, owners and C-level executives, which dropped 13% in the last year. This shift in pressure highlights that individuals may be starting to understand the bigger role they play in helping to enable their organization's security posture.
Other key findings from the 2017 Security Pressures Report from Trustwave include:
- Daunting repercussions for individuals and businesses alike: Forty-two percent of respondents cited their biggest fear following a cyberattack or breach was reputational damage to themselves and their company. This fear took the lead ahead of financial damage to one's company (38%) and termination (11%).
- Managing on a global scale: Thirty-one percent of respondents partnered with a managed security services provider (MSSP) to help compensate for lack of skilled security professionals, while 26% of respondents are involved in a partnership between in-house teams and an MSSP.
- Quality over quantity: In terms of operational pressure, shortage of security expertise has emerged as the second biggest pressure facing security pros at 15%, behind advanced security threats at 29%. Although companies are facing a large skills gap, 24% of respondents would rather increase the security skills among staff members rather than increase their staff (3%), confirming the desire to grow their skills versus throwing bodies at the pressures they face.
- Computer kidnapping: Thirty percent of respondents rank customer data theft as the most worrisome outcome of a cyberattack or data breach. Next is ransomware, for which 18% of respondents view as the most unsettling post-incident consequence.
- Internal vs. external: Respondents are nearly evenly split on who they are more pressured to protect against, with 51% citing external threats (a drop of 7% from last year) and 49% naming internal threats.
- Progress in prioritizing security over speed: Sixty-five percent of respondents felt pressure to roll out IT projects before they had undergone necessary security checks/repairs, compared to 77% over the previous two years. Thirty-five percent of respondents did not feel pressured to deploy new technology quickly, up 12% from last year.
- Latest and greatest: Pressure to select security technologies containing the latest features dropped from 74% in last year's report to 64% this year, despite 27% of respondents citing that they lack the proper in-house resources to effectively use them.
"Findings show that the pressures cybersecurity professionals face have become much more personal than in previous years, as executives recognize that pressure does not translate into better performance - instead it may lead to stress, burnout, and faults," said Chris Schueler, senior vice president of Managed Security Services at Trustwave. "In an era where security talent is at a premium, organizations cannot afford to lose these skilled individuals. My advice to those facing these pressures head on is to no longer think of security as a siloed discipline. To build a successful security program, you must establish both internal and external allies. Partnering with a managed security service provider can help compensate for and amplify areas of your security program that you find too complex or lack the internal resources to address."
Methodology
Trustwave commissioned a third-party research firm to survey 1,600 full-time information technology (IT) professionals who are security decision makers or security influencers within their organizations. The objective of this survey was to measure the variety of pressures they face regarding information security. Respondents consisted mainly of chief information officers (CIOs), IT/IT security directors and IT/IT security managers, which included 600 in the United States and 200 each in Canada, the United Kingdom, Australia, Singapore and Japan. Respondents work in a variety of sectors, with the most frequent being technology, manufacturing and professional services. Respondents work at organizations that employ a mean of 4,267 people. The survey was deployed through emails sent in January 2017. Survey results have a margin of error at +/- 4% in the United States and +/- 6.9% in all other countries.
About Trustwave
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.
###
All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.