More than three in 10 organizations don’t have a cybersecurity expert on staff, researcher Gartner said, based on data from its new 2018 CIO Agenda Survey.
The finding -- culled from responses offered by 3,160 CIOs across multiple geographic regions and major industries accounting in aggregate for some $13 trillion in revenue and $277 billion in IT spending -- appears to run counter to the study participants’ near-unanimous expectation that cyber attacks will increase over the next three years.
If you are not equipped with top security pros to handle your cybersecurity business, then who and what will defend you? Good question. "We're understaffed" is the nettlesome answer these days: The study points out that skills challenges continue to plague organizations, with digital security staffing shortages considered a top inhibitor to innovation.
Here are some more survey results, along with Gartner’s comments.
On cybersecurity solutions:
- Many cyber criminals not only operate in ways that organizations struggle to anticipate but also demonstrate a readiness to adapt to changing environments.
"In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data," said Rob McMillan, research director at Gartner. "CIOs can't protect their organizations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it."
- 36 percent of survey respondents said their organizations have invested in and deployed some digital security.
- 36 percent are actively experimenting or planning to implement digital security soon.
- 60 percent of security budgets will target detection and response capabilities by 2020.
"Taking a risk-based approach is imperative to set a target level of cybersecurity readiness," said McMillan. "Raising budgets alone doesn't create an improved risk posture. Security investments must be prioritized by business outcomes to ensure the right amount is spent on the right things."
On new attack vectors:
- Business growth, a top priority for CIOs in 2018, can bring with it supply chain security issues and the corresponding new attack vectors and new risks.
"The bad news is that cybersecurity threats will affect more enterprises in more diverse ways that are difficult to anticipate," McMillan said. "While the expectation of a more dangerous environment is hardly news to the informed CIO, these growth factors will introduce new attack vectors and new risks that they're not accustomed to addressing."
On the cybersecurity skills gap:
- 93 percent of CIOs at top-performing organizations said that their organizations are more open to new ways to find qualified cybersecurity job candidates and novel training avenues.
"Cybersecurity is faced with a well-documented skills shortage, which is considered a top inhibitor to innovation," said McMillan. "Finding talented, driven people to handle the organization's cybersecurity responsibilities is an endless function."
- Gartner said it recommends that chief information security officers (CISOs) continue to build bench strength through innovative approaches to developing the security team's capabilities.