Cyber Security: Top Concerns for U.S. Organizations
Fact: 53% of U.S. organizations plan to hire more cyber security professionals in 2016 but 59% of U.S. organizations report that when hiring new graduates for entry-level cybersecurity positions, it is difficult to identify who has an adequate level of skills and knowledge.
Fact: 82% of U.S. organizations report that they would be more likely to hire a cyber security job candidate who holds a performance-based certification (Source: 2016 Information Systems Audit and Control Association’s Cyber Security Survey).
Cyber security is now an internationally recognized concern. Indeed, everyday organizations across the United States and around the world are targeted by hackers. To help identify emerging threats, every year, ISACA (the Information Systems Audit and Control Association) conducts an international survey to identify the top cyber security issues facing organizations. In 2016, 862 U.S. based organizations responded to the survey. While the survey includes organizations across sectors, in 2016, more than half of the U.S. respondents were technology, financial or military/government organizations. The results (summarized below) suggests that cyber security is recognized as a major concern by most U.S. organizations and that there are some common concerns and obstacles that cut across organizations regardless of their size or sector. See Information technology courses to help you with Cyber security.
Key Findings of ISACA’s 2016 Cyber Security Survey
50% of organizations surveyed believe that in 2016, there is a medium likelihood of a cyber security attack that disrupts critical infrastructure (e.g., electrical grid, water supply systems); 34% of organizations surveyed believe that the likelihood of such an attack is high.
68% of organizations do not support governments having backdoor access to encrypted information (internationally, the response was only 63%).
Asked to rank cyber security threats, U.S. organizations ranked the threats as follows:
- Social engineering: 57%
- Advanced persistent threat: 42%
- Insider threats: 41%
- Unpatched systems: 37%
- Malware: 30%
- Cybercrime: 30%
- DDos: 18%
- Ransomware: 18%
- Mobile walware: 17%
84% of organizations surveyed favor requiring companies to notify customers within 30 days of the discovery of a data breach.
Organizations’ biggest concern about notifying customers of a data breach is company reputation.
72% of U.S. organizations support the U.S. Cybersecurity Act of 2015, which encourages cyberthreat information sharing between the private sector and government, but only 46% of organizations would voluntarily share cyberthreat information as outlined in the US Cybersecurity Act of 2015 if they did experience a breach.
53% of U.S. organizations plan to hire more cyber security professionals in 2016.
59% of U.S. organizations say, “when hiring new graduates for entry-level cyber security positions it is difficult to identify who has an adequate level of skills and knowledge.”
82% report that they would be more likely to hire a cyber security job candidate who holds a performance-based certification.
30% of organizations surveyed could not identify which factors pose the biggest security risk to their data center environment.
Interpreting the Results
ISACA’s survey is important on several key levels. First, the survey suggests that cybersecurity is a recognized concern for most organizations but one that is still not fully understood. Indeed, many organizations were unable to identify which factors pose the biggest threat to their data center environment. Second, the survey reveals that while most organizations recognize the need to hire more cyber security professions, they do not necessarily know how to recruit qualified personnel. Third, the survey suggests that certification and training matter when it comes to hiring.
eLeaP’s Affordable and Accessible Cyber Security Training Program
To help scale up your cyber security training, eLeaP has developed an affordable and accessible annual security awareness certificate program. Based upon globally recognized standards in information and security awareness, this four-step program is an effective way to ensure that all your employee are prepared to tackle cyber security threats. The program includes four critical steps.
Step 1: Assessment
Find out how to survey your organization and identify threats and allies. For example, do you have a Certified Ethical Hacker on staff? If so, deploy them to test your system.
Step 2: Education
Ensure that anyone who has access to a computer knows how to protect their own log in data and files and how to securely transfer data.
Step 3. Post-Assessment
Test employees’ knowledge to ensure everyone has successfully completed the training.
Step 4. Certification
Award certification to all employees who take and pass a post-training course. Certification is good for your organization but also a transferable skill for your employees. As noted above, a majority of organizations consider certification a key factor when hiring cyber security professionals.