Shift in cyber security pressures from boardroom to individuals

Trustwave today released a report based on a global survey of 1,600 information security decision makers that measures the immense pressure in-house cyber security professionals face and the key drivers behind that pressure.

The fourth-annual report also provided a year-over-year comparison of 2015 and 2016 and includes regional viewpoints from the United States, Canada, United Kingdom, Australia, Singapore and, for the first time, Japan. The report offers recommendations to help businesses ease employee distress and create higher-performing security teams.

The new study shows that while 53% of respondents report increased pressure in trying to secure their organisation, there has been a shift in the source of this stress.

>See also: The changing role of the CIO and boardroom in 2017

Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year.

This is compared to 46% citing the most people pressure coming from boards, owners and c-level executives, which dropped 13% in the last year. This shift in pressure highlights that individuals may be starting to understand the bigger role they play in helping to enable their organisation’s security posture.

Daunting repercussions for businesses and individual

The new cyber threat landscape is a daunting place, with 42% of the respondents citing their biggest fear following a cyber attack or breach as reputational damage to themselves and their company. This fear took the lead ahead of financial damage to one’s company (38%) and termination (11%).

Managing on a global scale

31% of respondents partnered with a managed security services provider (MSSP) to help compensate for lack of skilled security professionals, while 26% of respondents are involved in a partnership between in-house teams and an MSSP.

Quality over quantity

In terms of operational pressure, shortage of security expertise has emerged as the second biggest pressure facing security pros at 15%, behind advanced security threats at 29%.

Although companies are facing a large skills gap, 24% of respondents would rather increase the security skills among staff members rather than increase their staff (3%), confirming the desire to grow their skills versus throwing bodies at the pressures they face.

>See also: Elevating data risk management to the board level

Computer kidnapping

30% of respondents rank customer data theft as the most worrisome outcome of a cyberattack or data breach. Next is ransomware, for which 18% of respondents view as the most unsettling post-incident consequence.

Internal vs. external

Respondents are nearly evenly split on who they are more pressured to protect against, with 51% citing external threats (a drop of 7% from last year) and 49% naming internal threats.

Progress in prioritising security over speed

65% of respondents felt pressure to roll out IT projects before they had undergone necessary security checks/repairs, compared to 77% over the previous two years, while 35% of respondents did not feel pressured to deploy new technology quickly, up 12% from last year.

>See also: A digital divide in the boardroom

Latest and greatest

Pressure to select security technologies containing the latest features dropped from 74% in last year’s report to 64% this year, despite 27% of respondents citing that they lack the proper in-house resources to effectively use them.

“Findings show that the pressures cyber security professionals face have become much more personal than in previous years, as executives recognise that pressure does not translate into better performance – instead it may lead to stress, burnout, and faults,” said Chris Schueler, senior vice president of Managed Security Services at Trustwave.

“In an era where security talent is at a premium, organisations cannot afford to lose these skilled individuals. My advice to those facing these pressures head on is to no longer think of security as a siloed discipline. To build a successful security program, you must establish both internal and external allies. Partnering with a managed security service provider can help compensate for and amplify areas of your security program that you find too complex or lack the internal resources to address.”


Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security