Global poll reveals skepticism about data breach disclosures and anticipated hiring challenges due to cybersecurity skills gap
Rolling Meadows, IL, USA (11 January 2016) — Close to two-thirds (63%) of global IT professionals oppose giving governments backdoor access to encrypted information systems, and similar numbers (59%) feel that privacy is being compromised in an effort to implement stronger cybersecurity laws. The survey by global IT and cybersecurity association ISACA of 2,920 members in 121 countries also reveals marked skepticism about the likelihood of organizations sharing data breach information voluntarily as called for by the recently passed U.S. Cybersecurity Information Sharing Act of 2015.
ISACA’s January 2016 Cybersecurity Snapshot shows mixed attitudes toward sharing information after a data breach. Eighty-three percent of those polled favor regulation requiring companies to notify customers within 30 days of the discovery of a data breach – a 10-point increase in little more than a year. Nearly three-quarters (72%) of US respondents say they are in favor of the U.S. Cybersecurity Information Sharing Act of 2015, which encourages cyberthreat information sharing between the government and the private sector. Yet, only 46% believe their own organization would do so voluntarily if it experiences a data breach.
“The Cybersecurity Snapshot shows that the professionals on the front lines of the cyberthreat battle recognize the value of information-sharing among consumers, businesses and government, but also know the challenges associated with doing so,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of information security at INTRALOT. “Cybersecurity has become a high-stakes, boardroom-level issue that can have crippling consequences for any C-suite executive who lacks knowledge about the issues and risks. Strong public-private collaboration and ongoing knowledge-sharing are needed to safeguard our organizations from cybercriminals.”
Top Three Threats for 2016
The three threats that global IT and security professionals are most concerned about for their organization this year are:
- Social engineering (52%)
- Insider threats (40%)
- Advanced persistent threats (APT) (39%)
These items outranked options frequently associated with cyberattacks, including malware, unpatched systems and distributed denial-of-service attacks.
Cyber Skills Gap Still a Big Problem
According to the findings, the cybersecurity skills gap continues to pose a significant obstacle to organizations seeking to expand their cyber workforce. Close to half (45%) of those surveyed worldwide report that they are hiring more cybersecurity professionals in 2016, yet fully 94% of those hiring say it will be difficult to find skilled candidates. Identifying who has adequate skills and knowledge will also be difficult, say more than six in 10 survey participants.
“The aggressive increase in cyberattacks worldwide is feeding a growing chasm between demand and supply in the cybersecurity talent wars. It is also shedding light on a critical problem in our industry: identifying job candidates who are truly qualified to safeguard corporate assets in a landscape that is highly complex and constantly evolving,” said Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, international vice president of ISACA and president and COO of WhiteOps.
ISACA was the first to combine skills-based vendor-neutral cybersecurity training with performance-based exams and certifications to address the cyber talent shortage with the launch the CSX Practitioner certification in August 2015.
New Report Added to Cybersecurity Legislation Watch
To help organizations understand the implications of the new U.S. legislation, ISACA today added a new report to its Cybersecurity Legislation Watch center, part of Cybersecurity Nexus (CSX). The report, US Enacts Cybersecurity Information Sharing Legislation, analyzes the Cybersecurity Act of 2015 (P. L. 114-113), which was recently passed by the US Congress and signed by President Barack Obama. The report includes a look at the background of the act, its expected impact on business and criticisms from privacy advocates. To view the special report, visit www.isaca.org/cybersecurity-legislation.
ISACA launched Cybersecurity Nexus (CSX) in 2014 to help address a growing worldwide cybersecurity skills crisis. CSX is a central location of cybersecurity research, guidance, certificates and certifications, education, mentoring and community. ISACA recently introduced skills-based training with performance-based exams and CSX certifications to help professionals build and evolve their careers in cybersecurity. Last year marked the successful debut to a sold-out crowd of the North America CSX 2015 Conference, dedicated specifically to cybersecurity. In 2016 ISACA is expanding the cybersecurity event to Europe and Asia.
ISACA (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.
ISACA on LinkedIn: ISACA, https://www.linkedin.com/company/isaca
Joanne Duffer, +1.847.660.5564, [email protected]
Kristen Kessinger, +1.847.660.5512, [email protected]
Sara Bosco, +1.646.935.4366, [email protected]