Light Dark
June 12, 2018 By Shane Schick 2 min read

While much of what happens in a modern business depends on how data moves back and forth across the corporate network, concern about network security has risen by 71 percent in the past year, according to a recent survey of chief information officers (CIOs). Despite this growing awareness, however, only 22 percent of respondents said they felt prepared for a cyberattack.

The report showed that the role of IT leaders, which includes everything from selecting hardware and software applications to digitizing business processes, is more difficult than ever thanks to the ever-expanding list of cybersecurity risk management challenges. In fact, 78 percent of chief information officers (CIOs) described the systems they use for cybersecurity risk management as only “moderately effective.”

Cybersecurity Risk Management Lags Despite Growing Concern

The findings of the “KPMG/Harvey Nash CIO Survey 2018” reflect how security leaders’ perception of data protection has changed given the evolution of cybercrime from random acts of information theft to sophisticated malware, ransomware and distributed denial-of-service (DDoS) attacks. For instance, 77 percent of survey respondents cited the threat of organized cybercrime as their greatest concern.

The survey results revealed a disconnect between the number of CIOs who are worried about their ability to defend corporate networks against malicious third parties and insider threats and the number of security leaders who are taking meaningful action. While 23 percent of respondents said they have increased their emphasis on security since 2017, the number of CIOs who cited managing risk and compliance as an area of focus rose by only 12 percent.

The Skills Gap and GDPR Create New Risk Management Challenges

The report suggested that the cybersecurity skills shortage might be contributing to this disconnect. The dearth of security and resilience skills, for instance, increased by 25 percent year-over-year. The good news, according to the report, is that cybersecurity risk management is quickly becoming a top priority for board directors.

It’s also worth noting that the report’s authors conducted their research as the General Data Protection Regulation (GDPR) was about to take effect. Despite all the cybersecurity risk management requirements included in the regulation, 38 percent of survey respondents admitted that they would not be ready for the since-passed deadline.

 |  |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature