39% of Cybersecurity Professionals Say Their Company is Under Prepared for a Data Breach

A survey of cybersecurity and IT executives in the United States has revealed 39% of companies are under prepared to handle a data breach. The survey was commissioned by the cybersecurity consulting firm Avertium for the firm’s 2019 Cybersecurity and Threat Preparedness report. The survey was conducted on 223 respondents in the United States at companies with 50 or more employees.

When asked about the main problems they experienced in relation to cybersecurity, the two biggest issues were the increasing complexity of cybersecurity tech stacks, which was rated as a major pain point by 76% of respondents. Added to that is the increasing sophistication of cyberattacks, which was a pain point for 75% of cybersecurity professionals.

66% of respondents said third-party or partner vulnerabilities were a major problem area, and 65% said their jobs have been made much more difficult due to vulnerabilities introduced by their company’s digital transformation. The cost and complexity of regulatory compliance was also rated as a pain point by 65% of respondents.

The types of cyberattack that are causing the greatest concern are phishing and malware attacks, which were rated as a major area of concern by 81% and 67% of respondents respectively.

There is a tendency for businesses to rely on new technology to identify and block cyberattacks. While these cybersecurity solutions are certainly important, many attacks bypass these technical controls and target employees. Investment in training is therefore essential to ensure that the workforce is prepared and knows how to identify phishing emails and other common threats.

To help reduce the risk of phishing and malware attacks, 93% said they had implemented a formal employee education program; however, only 63% of firms said they incorporate cybersecurity training into their employee induction programs and just 46% provide annual security awareness training sessions. 74% of respondents said they send regular communications via email providing tips for identifying the latest phishing scams and 58% conduct regular phishing simulation exercises.

Even though technologies exist to automate many cybersecurity tasks, many processes are still being conducted manually, which is stretching IT departments to breaking point. Only 36% of respondents said they had implemented new technologies such as AI-based and machine learning-based cybersecurity solutions to lower the burden on their security staff.

52% said plans are underway to hire new skilled cybersecurity staff in 2020 and, on average, investment in cybersecurity is set to increase by 36% in 2020.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.