ISACA January 2016 Cybersecurity Snapshot US Results. Number of respondents (n) = 862

Transcription

1 ISACA January 2016 Cybersecurity Snapshot US Results Number of respondents (n) = 862 Media Inquiries: Kristen Kessinger, ISACA, , news@isaca.org Sara Bosco, Ketchum, , sara.bosco@ketchum.com 1. What do you believe is the likelihood of a cybersecurity attack that disrupts critical infrastructure (e.g., electrical grid, water supply systems) in 2016? n=861 High 34% Medium 50% Low 14% Unsure 2% 2. Do you believe governments should have backdoor access to encrypted information systems? n=858 Yes 15% No 68% Unsure 17% 3. Of the following threats, which THREE are of most concern to your organization in 2016? (Please select up to three.) n=862 Advanced persistent threat (APT) 42% DDoS 18% Ransomware 18% Social engineering 57% Watering hole 3% Insider threats 41% Malware 30% Mobile malware 17% Unpatched systems 37% Cybercrime 30% None of the above 1%

2 4. Are you in favor of regulation requiring companies to notify customers within 30 days of the discovery of a data breach? n=861 Yes 84% No 9% Unsure 8% 5. Of the following, what do you think is the greatest challenge companies would face if they needed to notify consumers of a data breach within 30 days of its discovery? n=861 Increased cost 15% Not enough human resources 14% Systems not designed for this 19% Concern over corporate reputation 38% Other 14% 6. Are you in favor of the US Cybersecurity Act of 2015, which encourages cyberthreat information sharing between the private sector and government? n=860 Yes 72% No 10% Unsure 15% Not applicable to my organization 2% 7. If your organization experienced a breach, do you believe it would voluntarily share cyberthreat information as outlined in the US Cybersecurity Act of 2015? n=858 Yes 46% No 13% Unsure 34% Not applicable to my organization 7% 8. Do you believe privacy is being compromised in the effort for stronger cybersecurity regulation/legislation? n=860 Yes 55% No 29% Unsure 16%

3 9. Does your organization plan to hire more cybersecurity professionals in 2016? n=861 Yes, and we expect it will be difficult to find skilled candidates 53% Yes, and we expect it to be easy to find skilled candidates 3% No 23% Unsure 21% 10. In general, when hiring new graduates for entry-level cybersecurity positions: n=859 It is easy to identify who has an adequate level of skills and knowledge. 21% It is difficult to identify who has an adequate level of skills and knowledge. 59% Unsure 20% 11. Would you be more likely to hire a cybersecurity job candidate who holds a performance-based certification (i.e., earning the credential requires a direct demonstration of hands-on cyber skills)? n=862 Yes 82% No 6% Unsure 13% 12. Has your organization experienced a ransomware incident? (Ransomware is a harmful virus that blocks a user from its computer and demands a fee to return to access.) n=860 Yes 19% No 60% Unsure 21% 13. What steps, if any, is your company taking to address the European Union court s invalidation of the Safe Harbor law (select one)? n=861 Not aware of this 13% None waiting to see what happens 15% Some developing work around plans 15% Significant has changed how our business works 4% Not applicable 30% Don t know 23%

4 14. Which of the following, if any, poses the biggest security risk to your data center environment (select one)? n=854 Virtualized servers 18% Virtualized networking 16% Containers 3% Non-virtual servers 11% Not applicable 9% Don t know 30% Other 13% 15. How has the risk of insider threats (privileged users) changed in your environment since last year (select one)? n=857 This year has seen a reduced risk 14% It has not increased 29% Minimal risk increase 11% Some risk increase 25% Significant risk increase 7% Don t know 12% Not applicable 3% 16. Which of the following, if any, has been a response to improving security in the virtualized data center (select all that apply)? n=860 Air gap different types of workloads (sensitive vs non-sensitive) 23% Adding two factor authentication 47% Adding dual person approvals for certain actions 21% Using a password manager for checking in/out password access to systems 21% None of the above 13% Not applicable 8% Don t know 18% 17. Please indicate your age group: n= to 24 years 0% 25 to 34 years 8% 35 to 44 years 19% 45 to 54 years 35% 55 to 64 years 32% 65 to 74 years 6% 75 years or above 0%

5 19. In what industry do you work? n=859 Financial/Banking 21% Insurance 6% Public Accounting 3% Transportation 0% Aerospace 1% Retail/Wholesale/Distribution 3% Government/Military 14% Technology Services/Consulting 20% Manufacturing/Engineering 4% Telecommunications/Communications 2% Mining/Construction/Petroleum/Agriculture 1% Utilities 4% Legal/Law/Real Estate 1% Healthcare/Medical 8% Pharmaceutical 1% Advertising/Marketing/Media 1% Education/Student 3% Other 6% 20. Which job title is closest to yours? n=857 Student 0% External Consultant 11% Professor/Teacher 1% Practitioner 16% Supervisor 5% Manager 27% Director 16% Vice President 5% CIO/CISO/CAE 9% President/CEO 2% Other 8% Note: Due to rounding, percentages may not add up to 100. About ISACA s January 2016 Cybersecurity Snapshot Survey The January 2016 Cybersecurity Snapshot is a global indicator of the current threats, issues and opportunities facing cybersecurity professionals today. Conducted by ISACA, a global association of more than 140,000 IT security, assurance, risk and governance professionals, the January 2016 Cybersecurity Snapshot is based on online polling of 2,920 ISACA members in 121 countries. To see the full results, visit