In industries ranging from retail stores to financial services, growing numbers of top executives are seeing cybersecurity as a key advantage over their competitors, chief IT security officials say in a new survey.
The percentage of government and business leaders who consider cybersecurity to be a competitive advantage will likely double from 25 percent to 51 percent in the next three years, according to the survey of IT professionals worldwide. Respondents said only a third of their senior leaders consider cybersecurity to be a strategic priority.
Titled “2015 Global Megatrends in Cybersecurity,” the survey, commissioned by Raytheon Company and conducted by Ponemon Institute, included responses from 1,006 chief information officers, chief information security officers (CISOs) and senior IT leaders in North America, Europe and the Middle East/North Africa region (MENA).
“You don’t have to wait until you’re attacked to take cybersecurity seriously, “said Jack Harrington, vice president of cybersecurity and special missions at Raytheon Intelligence, Information and Services. “From the board room to the president’s desk, rallying around the cybersecurity issue is critical to address the real threats we face as a global society.”
Experts said their senior leaders see cybersecurity efforts as a cost that cuts into profits. A large majority said their board of directors has not been briefed on their organization’s cybersecurity strategy in the last 12 months.
Raytheon’s survey identified seven "megatrends" expected to occur in the next three years:
1. Cybersecurity will be considered a competitive advantage and a priority by senior executives.
2. Cybercrime will continue to keep CISOs up at night.
3. Increased training will lower the risk that employees will unknowingly facilitate breaches.
4. Technology innovation will shift towards big data analytics, forensics and intelligence-based cyber solutions.
5. Organizations will only slowly address the security risks of the "Internet of Things,” the network of connected devices such as cars and home appliances.
6. The cyber talent gap, the demand for trained data security personnel, will persist.
7. Thanks to advanced training, more attention from senior leaders and maturing technologies, organizations’ cybersecurity readiness levels will improve.
Even as cybersecurity experts expect to enjoy more support from management, they say threats are growing in complexity and severity. Security leaders in the Middle East and North Africa identified zero-day attacks – incidents in which cyber criminals exploit an unknown hole in software – as the greatest emerging danger in the coming three years, followed by phishing and mobile malware. Only 31 percent of organizations are now prepared to deal with the security risks coming with the growth of the Internet of Things.
"With the UAE government on its way to move 1,000 services online, including access to medical records and driver’s licenses, and other countries in the region adopting similar initiatives, the Middle East is seeing more and more connected devices," said Dr. Faouzi Amar, technical director for international solutions at Raytheon Intelligence, Information and Services. "Building in network and data protection strategies will need to be part of such projects, and visionary cybersecurity leaders are working to meet the challenge."
Organizations of all types and sizes are feeling the pinch of the shortage of skilled cybersecurity professionals. The demand was confirmed in Raytheon’s study, with 66 percent of respondents reporting that their companies or agencies need more such workers.
"As in other global regions, the UK lacks sufficient cyber specialists,” said Graham LeFevre, head of cyber at Raytheon UK. “The UK Government is now putting a lot of effort into improving cyber education and training across the whole of the academic sector and is looking to industry to play a major role as well.”
Information security leaders continue to be optimistic about their organizations’ cyber future, with 64 percent expecting their organization’s security posture to improve three years from now. Only 10 percent believed their organization will become more vulnerable in the same period.