Ponemon Institute Surveys CISOs on Cyberattack Risks in 2018


The Ponemon Institute conducted a survey on data security and cyber risk. The survey was sponsored by Opus and drew responses from 612 CIOs, CISOs and other information security professionals.

The results showed that respondents' confidence in cybersecurity defenses has fallen. 67% of respondents believed they would experience a cyberattack or data breach in 2018, compared to 60% of respondents in 2017.

A large number of data breaches in the past year were due to hackers. Malware is a serious data security threat, but 70% of respondents said that the most likely cause of a data breach is incompetent in-house staff: the careless employee who falls for phishing scams that result in credential theft. 61% of respondents expect malware infections to happen in their organization, and 59% of respondents expect cyberattacks and significant downtime.

Respondents mentioned the following as probable causes of data breaches:

  • poor protection of sensitive data (59%)
  • inability to deal with sophisticated cyberattacks (56%)
  • lack of control over third parties using sensitive data (51%)
  • the difficulty of securing Internet of Things (IoT) devices (60%)
  • using mobile devices (54%)
  • using cloud services (50%)

Protecting an organization from cyberattacks has become more difficult because of the changing threat landscape, which makes working in information security hard. 69% of respondents say that this job is going to be more stressful in 2018. 45% of respondents say they worry about getting fired after a cyberattack on their organization.

According to past surveys, the board does not have enough involvement in dealing with cybersecurity. This time, 50% of respondents said that the C-suite has more involvement in cybersecurity matters. Other areas that need improvement when it comes to dealing with cybersecurity concerns include staffing, improved leadership, more cyber-intelligence, technology improvements and IT security budgets.

Dov Goldman, VP of Innovation & Alliances at Opus, pointed out that even smart companies could not stop all data breaches. The key to preventing data breaches is implementing solid risk management programs along with good leadership, training, efficient frameworks and strong technology. The CISO has a big responsibility in protecting against breaches of sensitive data. The company needs to support the CISO to reduce its vulnerability.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/