Data theft overtakes ransomware as IT pro's biggest worry
Of over 200 IT security decision makers surveyed, data theft is cited as the biggest concern by 55 percent, followed by phishing (35 percent) with ransomware taking third place on 29 percent.
The study from Integrity360 shows that in terms of actual incidents phishing is the most common (46 percent), with data theft second on 27 percent. Ransomware, at only 15 percent, is ranked among the least common incidents being seen by businesses.
Brian Martin, head of product development, innovation and strategy at Integrity360 says, "IT environments have become increasingly complex with many enterprises now employing multi-cloud strategies and multiple products, which can leave gaps in security, and see businesses paying for underutilized and overlapping tools unnecessarily. Consolidation of cybersecurity architectures can strengthen risk posture, reduce the number of tools and vendors in place, eliminating silos, reducing costs and improving overall security posture."
Security alerts are on the increase, with 89 percent of respondents reporting a higher volume of security alerts over the past 12 months, with 76 percent reporting an increase of between one and 50 percent of alerts. 26 percent of those reported a 26 to 50 percent increase in alerts, highlighting the mounting pressure on security teams and the incessant threats that businesses are facing.
Insufficient budgets (31 percent) are highlighted as the top challenge for effectively responding to incidents, followed by the complexity of incidents (27 percent) and lack of board-level understanding of incident response (27 percent). A shortage of IR skills, experience and tools (38 percent) are also seen as being significant hurdles.
"Insufficient budgets can leave organizations vulnerable to attack. Businesses need to prioritize cybersecurity spend to avoid the financial and reputational ramifications that will often outweigh any initial investment in cybersecurity tools and processes. Likewise, being able to respond quickly is vital in the wake of a cybersecurity incident and investing in IR services, training and expertise can make all the difference when responding to a breach or serious incident," adds Martin.
The need for speed is considered as the most stressful aspect of responding to a cybersecurity incident as 40 percent of respondents noted the need to act quickly as being stressful, whilst the sense of responsibility is cited by 31 percent. Interestingly, the fear of being wrong (24 percent) ranks higher than difficulty in diagnosing the incident (22 percent). C-level executives fear being wrong more than information security analysts -- perhaps because the fallout from a poor response to a cyber incident could be worse or even catastrophic for them and their career.