Ponemon Institute Surveys CISOs on Cyberattack Risks in 2018


Ponemon Institute conducted a survey on data security and cyber risk. The survey was sponsored by Opus and drew responses from 612 CIOs, CISOs and other information security professionals.

The results of the survey showed that respondents have less confidence in their cybersecurity defenses than before. 67% of respondents believed they would experience a cyberattack or data breach in 2018, compared to 60% of respondents in 2017.

A large number of data breaches in the past year were due to hackers. Malware is a serious data security threat, but 70% of respondents said that the most likely cause of a data breach is incompetent in-house staff: the careless employee who falls for phishing scams, resulting in credential theft. 61% of respondents expect malware infections to happen in their organization and 59% of respondents expect cyberattacks and significant downtime.

Respondents mentioned the following as probable causes of data breaches:

  • poor protection of sensitive data (59%)
  • incapability to deal with sophisticated cyberattacks (56%)
  • lack of control on third parties using sensitive data (51%)
  • the difficulty of securing Internet of Things (IoT) devices (60%)
  • using mobile devices (54%)
  • using cloud services (50%)

Protecting an organization from cyberattacks has become more difficult because of the changing threat landscape, which makes working in information security really hard. 69% of respondents say that this job is going to be more stressful in 2018. 45% of respondents say they worry about getting fired after a cyberattack on their organization.

According to past surveys, the board does not have enough involvement in dealing with cybersecurity. This time, 50% of respondents said that the C-suite has more involvement in cybersecurity matters. Other areas that need improvement when it comes to dealing with cybersecurity concerns include staffing, improved leadership, more cyber-intelligence, technology improvements and IT security budgets.

Dov Goldman, VP of Innovation & Alliances at Opus, pointed out that even smart companies could not stop all data breaches. The key to preventing data breaches is implementing solid risk management programs along with good leadership, training, efficient frameworks and strong technology. The CISO has a big responsibility in protecting against breaches of sensitive data. The company needs to support the CISO to reduce the company’s vulnerability.