Cybersecurity Stakes Get Higher, But Many Companies Still Lag in Readiness

Staff Report From Georgia CEO

Thursday, June 16th, 2016

Technology professionals see many steps that could be taken to improve their company's security, according to the latest research report from CompTIA, the nonprofit association for the technology industry.

Just over half of the 500 security professionals surveyed for the Practices of Security Professionals study say their company has altered its security approach based on changes in IT operations; such as relying on more cloud-based solutions or making wider use of mobile devices and apps.

"Far more than half of all companies have adopted cloud computing and mobile devices," noted Seth Robinson, senior director, technology analysis, CompTIA. "This suggests that many companies are embracing new technology solutions without taking the corresponding actions necessary to build a proper defense. This poses huge challenges for the IT security professionals tasked with security responsibilities."

Nine in 10 IT professionals say security is of greater importance today to their companies than it was two years ago. While some improvements in security have been noted, there remains a wide swath of companies that could improve their standing, along with those that may be over-estimating their readiness.

"Simply placing a higher priority on security may not lead to improved measures," Robinson said. "Companies may not fully understand the nature of modern threats. It's incumbent on the IT pros to adequately communicate the requirements for modern security; the potential cost of weak defenses; and the specific actions that should be taken."

An Abundance of Challenges

IT professionals tasked with keeping digital assets safe face a multitude of challenges. Just under half (47 percent) say there's a belief within their company that existing security is "good enough." For 43 percent, other technology needs take a higher priority than security. Four in 10 cite a lack of security metrics; while a slightly smaller percentage (37 percent) point to a lack of budget dedicated to security.

Challenges extend to finding qualified security workers at a time when the demand for security skills is increasing. For example, job postings in the category "Information Security Analysts" rose 175 percent between Q1 2012 and Q1 2015, according to the Bureau of Labor Statistics.

Within the cybersecurity workforce there are skills gaps to close, too. Among companies with skills gaps, 53 percent want to be more informed about current threats.  About 40 percent feel that they need to improve their awareness of the regulatory environment.

"The use of technology has outpaced cybersecurity literacy, so there's also a growing need for the overall workforce to improve their knowledge and awareness of security issues," Robinson added.

Two-thirds of companies are engaged in security training for employees, making it the most popular option for building the right security skills within an organization. The study also found that 56 percent of firms will seek out IT security certifications for their technology staff.