A majority of organizations think they will experience a cyber security attack this year, and many are not prepared, according to a new report from ISACA, a global association that helps individuals and enterprises optimize their use of technology.
ISACA’s State of Cyber Security report, based on a survey of more than 600 security executives worldwide, shows that four out of five organizations think they will be attacked this year. Only 46 percent of those organizations have confidence in their cyber defense teams.
“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” said Christos Dimitriadis, ISACA board chair and group head of information security at INTRALOT. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”
Among the other key findings of the research is that cyber security budgets are still expanding, but more slowly. Half of the respondents (50 percent) anticipate budget growth over the next year, which is down from 61 percent last year.
Enterprises continue to have difficulty finding qualified personnel. Only 30 percent receive 10 applicants or more for an open position, of which less than half are qualified. At the same time, the threat environment is increasingly hostile, with 53 percent of respondents reporting an increase in attacks in 2016.
The Internet of Things (IoT) is replacing mobile technology as a major area of concern. IoT concerns show no sign of slackening, the report said. And ransomware is expanding, but the processes to address it are not. About two thirds of organizations (62 percent) experienced ransomware attacks in 2016, but only 53 percent have a formal process in place to address it.