According to the annual EY’s Global Information Security Survey 2015, 88% do not believe their information security structure fully meets their organization’s needs.
When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organization’s need for protection with its managements’ tolerance for risk.
The most likely sources of cyber-attacks are: criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) retained their top rankings. However, compared with 2014’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.
The survey found that companies currently feel less vulnerable to attacks arising from unaware employees (44%) and outdated systems (34%); down from 57% and 52%. However, they feel more threatened today by phishing and malware. 44% of respondents (compared with 39% in 2014) ranked phishing as their top threat; 43% consider malware as their biggest threat versus 34% in 2014.
The survey also finds that organizations are falling short in thwarting a cyber-attack: 54% say they lack a dedicated function that focuses on emerging technology and its impact, 47% do not have a security operations center and 36% do not have a threat intelligence program, while 18% do not have an identity and access management program.
More than half (57%) said that the contribution and value that the information security function provides to their organization is compromised by the lack of skilled talent available, compared with 53% of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now