Majority Of IT Workers Unprepared To Handle Cybersecurity – Survey


A recent survey of cybersecurity and information security professionals shows that seventy-four percent of respondents indicated they think it is highly likely or likely their organization will experience a cyber attack this year, according to ISACA, an independent, nonprofit, global organization dedicated to improved information systems.

Those surveyed all have professional cybersecurity or information security responsibilities. About two-thirds of the respondents live in the U.S. or Europe and 69 percent work for companies with more than 1,000 employees.

The survey revealed that many security professionals lack confidence in the ability of their team members to effectively deal with cybersecurity threats. Only 75 percent of security professionals indicated they were confident in their team’s ability to detect and respond to cybersecurity incidents. Of those, 60 percent said they did not believe their staff could handle anything beyond a simple incident.

In the survey, 61 percent of respondents indicated cybersecurity professionals lack the technical skills to perform their duties effectively. Another 75 percent reported information security employees often lack the “ability to understand the business.”

ISACA’s January 2016 Cybersecurity Snapshot looks at cybersecurity issues facing organizations this month and beyond—from reactions to new cybersecurity legislation, to insights on information sharing and top cyber threats.

Among the key findings from nearly 3,000 IT and cybersecurity professionals worldwide:

The top three cyber threat concerns for 2016 are social engineering, insider threats and advanced persistent threats (APTs).

  • 84 percent of respondents believe there is a medium to high likelihood of a cybersecurity attack disrupting critical infrastructure (e.g., electrical grid, water supply systems) this year.
  • 72 percent of respondents say they are in favor of the US Cybersecurity Act, but only 46% say their organizations would voluntarily participate in cyber threat information sharing, as outlined in the Act.