Freely subscribe to our NEWSLETTER

· Application vulnerabilities were the top-rated threat to the security of enterprise data (72 percent of executives rated it as a chief concern), yet many executives also reported that the demands of their organisations make it difficult to develop and implement secure application development processes.

· Similarly, 70 percent of executives rated mobile devices as a top threat to their organisations, but many reported that they had not successfully implemented mobile security policies and programmes.

· The vast majority of security executives (77 percent in government and 63 percent in private industry) believe they have too few people on their IT security staff, yet 61 percent cited business conditions as an obstacle preventing them from hiring more personnel.

· Despite the concerns they registered over a shortage of trained personnel, more security executives plan to increase their spending on technology in the next year (39 percent) than on staffing (35 percent).

The new report, “A View From the Top - The (ISC)² Global Information Security Workforce Study CXO Report,” conducted through the (ISC)2 Foundation, offers a detailed perspective on the attitudes and plans of 1,634 C-level executives from enterprises around the world. The data was collected as part of (ISC)2’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, conducted by Frost & Sullivan. The study offers a snapshot of the priorities, plans and concerns of top security executives in a wide range of industries – and the challenges they face in making decisions in today’s dynamic, turbulent cyber security environment.

“Senior security executives, it appears, are getting sidetracked from the key security issues at hand as they balance the pressures of an evolving threat landscape and the business,” said John Colley, Managing Director, (ISC)2 EMEA. “They recognise application vulnerability is the number one threat and yet they are unable to devote their time, attention and obvious leadership in the field to help correct the situation. It is imperative that they keep a strategic perspective on security, looking at the issues holistically in order to develop effective solutions to deal with problems, the nature of which is constantly changing.”

The report data indicates that top security executives are faced with a myriad of critical, yet sometimes paradoxical, security choices. For example, CXOs said that two of their chief cyber security concerns are potential damage to the organisation’s reputation (83 percent) and IT service downtime (74 percent). Yet when asked how they spend their time, the top two answers were governance, risk and compliance (GRC, 74 percent), and security management (74 percent), which indicates that administrative tasks and priorities dominate their daily agendas.

“Security is a dilemma for information security executives,” stated Michael Suby, Stratecast VP of Research at Frost & Sullivan and author of the report. “Data is proliferating and becoming more fluid, yet the need to protect it is greater than ever. Similarly, there is the challenge of today’s sophisticated attackers, who are becoming increasingly skilled at hiding their exploits. The most significant threat to an organisation is what it does not know or cannot detect.”

“It is clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions,” commented William Stewart, senior vice president at Booz Allen Hamilton. “One of the biggest obstacles security departments face is the dynamic interplay between an organisation’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritising critical assets, closely collaborating with the other organisational leadership and conducting thoughtful and forward-looking threat analysis.”

Likely the largest study of the information security profession ever conducted, the 2013 GISWS was conducted in the fall of 2012 through a Web-based survey. Since its first release in 2004, the study gauges the opinions of information security professionals and provides detailed insight into important trends and opportunities within the information security profession. It provides a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression, and corporate attitude toward information security that is of use to companies, hiring managers, and information security professionals. The full study can be found here: https://www.isc2cares.org/IndustryResearch/GISWS/.