Senior professionals not confident in their security solutions
More than a third of senior security professionals aren't confident in their choice of security solution and as a result could be put in compromising positions as the organization uses its security posture as a selling point.
This is among the findings of the latest Cyber Confidence Report from Nominet. When asked how confident they were in an organisation’s final choice of security solutions, only 34 percent of CISOs say that they are only somewhat or slightly confident.
In addition, only 17 percent of those questioned believe that the array of technology making up their security stack is completely effective. Confidence is low following a breach too. 68 percent of those hit by a breach in the past 12 months don’t display a high level of confidence in their organization's ability to defend and recover from a similar attack again.
Interestingly US respondents are twice as likely as their UK counterparts to be very confident in the ability of an organization to defend against a similar attack; 40 percent compared to 22 percent respectively. That is despite the fact that almost twice as many respondents in the US compared to the UK reported more than 30 breaches in the past 12 months; 20 percent compared to 11 percent.
"It is critical that security professionals and the wider business are on the same page when it comes to cyber defence," says Stuart Reed, VP of cyber security at Nominet. "While it is natural that a CISO might be slightly more cautious about claiming the effectiveness of the security solutions in place -- because there is no silver bullet -- more than a third not being even moderately confident in the final choice of a security solution is a worry, particularly when businesses are touting the benefits of their cyber defence. This disconnect in cyber confidence should act as an alarm bell to organizations and potentially prompt some investigation and analysis."
A lack of knowledge about the effectiveness of their security stack could be generating a lack of confidence among senior security professionals too. 20 percent of CISOs either don’t test the performance of their security stack once it’s in place or don’t know if it is being tested.
You can find out more on the Nominet site.