CISOs' Top Concerns Identified and Phishing Scams Are the Primary Fear

A recent study by the Ponemon Institute says Chief Information Security Officers, or CISOs, are concerned about falling victim to a cybersecurity attack. Almost 70 percent of CISOs said they feel their organization will face a data breach in 2018.

These responses were gathered from more than 500 CISOs and other information security professionals. Seventy percent of the CISOs say a lack of competent in-house staff is their top security threat, with 65 percent stating that “inadequate in-house expertise” is the top reason they would likely have a data breach.

Surprisingly, more respondents are concerned about employees falling for a phishing scam (65 percent) than about a disruption caused by malware (61 percent).

Sixty percent of respondents believe Internet of Things (IoT) devices are the most challenging technology to secure, while mobile devices (54 percent), cloud (50 percent), and social media (38 percent) are also cited as technologies difficult to secure, the report found.

Half of CISOs said that their concerns over a third party causing a data breach either increased significantly or increased in the past year.

In response, though, 37 percent report that they expect their organization’s IT security budget to either increase significantly or increase; 40 percent state their IT security budget will likely stay the same, while 16 percent say it will decrease. The same respondents also say that directors will likely have more involvement in IT security – 19 percent said the board of directors would become significantly more involved; 31 percent said the board would be more involved.

Fifty-six percent say that the inability to recover sensitive and confidential data is the top negative consequence that will stem from a data breach, while losing relationships with third parties or business partners (54 percent), losing their own job (45 percent), or losing customers (40 percent) are also key concerns.

“It's not an easy time to be a CISO – there's a lot of pain obvious in these survey results,” Ponemon Institute chairman and founder Dr. Larry Ponemon says in a statement. “Data breaches and cyber-attacks continue to plague organizations and the responsibility of protecting sensitive data stops with the CISO. It's critical that companies support CISOs and reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability.”

The study strongly suggests that people and employees are the weak link in information security.

Despite their fears, CISOs seem optimistic when asked about their organization’s cybersecurity posture, with 37 percent saying it would improve in 2018. Additionally, 37 percent of respondents said they believe their organization’s security posture will stay around the same level.

The report also identified tips for managing CISO fears, including offering cyber intelligence improvements, improving staffing, reducing complexity, improving technologies, and having better cybersecurity leadership. 


Scott Rupp


Scott E. Rupp is a writer and an award-winning journalist focused on healthcare technology. He has worked as a public relations executive for a major electronic health record/practice management vendor, and he currently manages his own agency, millerrupp. In addition to writing for a variety of publications, Scott also offers his insights on healthcare technology and its leaders on his site, Electronic Health Reporter.
