Around the world, cyberattacks on businesses are getting more powerful and harder to stop. Corporate boards aren't being briefed on cybersecurity, and executives don't see it as a strategic priority. Meanwhile, information security officers will become more important – and more stressed out.
Those are among the findings of the 2018 Study on Global Megatrends in Cybersecurity, a survey sponsored by Raytheon and conducted by the Ponemon Institute. The survey, conducted in late 2017, looks at commercial cybersecurity through the eyes of those who work on its front lines. More than 1,100 senior information technology practitioners from the United States, Europe, and the Middle East/North Africa region weighed in on the state of the industry today, and where it's going over the next few years.
Among their insights:
The Internet of Things is an open door: 82% of respondents predict unsecured IoT devices will likely cause a data breach in their organization. 80% say such a breach could be catastrophic.
More ransomware on the way: 67% believe cyber extortion, such as ransomware, will increase in frequency and payout.
Cyber warfare growing likelier: 60% predicted attacks by nation-state actors against government and commercial companies will worsen and could lead to a cyber war. 51% of respondents say cyber warfare will be a high risk in the next three years, compared to 22% who feel that way today. Similarly, 71% say the risk of breaches involving high-value information will be very high, compared to 43% who believe that risk is high today.
Confidence is slipping: Less than half of IT security practitioners surveyed believe they can protect their organizations from cyber threats. That’s down from 59% three years ago.
For execs, cybersecurity is taking a back seat: Only 36% of respondents say their senior leadership sees cybersecurity as a strategic priority, meaning less investment in technology and personnel.
Corporate boards aren't engaged: 68% of respondents say their boards of directors are not being briefed on what their organizations are doing to prevent or mitigate the consequences of a cyber attack.
IT professionals are feeling pessimistic about progress: 54% believe their organization's cybersecurity posture will either stay the same or decline. 58% believe staffing problems will worsen, and 46% predict artificial intelligence will not reduce the need for experts in cybersecurity.
CISOs' stress levels will rise: When asked to rate their level of stress today and three years from now on a scale from 1 = low stress to 10 = high stress, respondents’ stress rating is expected to rise to a new high of 8.08.
Direct effect on shareholder value: 66% believe data breaches or cybersecurity exploits will seriously diminish their organization's shareholder value.