In their ‘Roadblocks, Refresh & Raising the Human security IQ’ study, the two companies surveyed nearly 5,000 security professionals across the globe with at least 10 years' experience each and discovered a whole host of topical issues, from limited cyber security knowledge among the C-suite to concerns around current security systems.
“This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cyber-criminals to attack organisations across the globe,” said Websense CEO John McCormack in a statement to the press.
“It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft.”
Of the findings, arguably the most poignant was that nearly one in three (29 percent) IT professionals would completely overhaul their current enterprise security system given the resources and opportunity, while only 38 percent believed that their firm was investing enough in skilled personnel and technologies.
Almost half of all respondents (47 percent) said that they were ‘frequently disappointed’ with the level of protection offered by a security solution that they had procured, and only 12 percent said that they had never been disappointed in their chosen security solutions.
More than one in two respondents (56 percent) believed that a data breach would trigger a change of security vendors but, on a more encouraging note, 49 percent said that they were planning to make ‘significant’ investments and adjustments to cyber security defences over the next year.
“Advanced persistent threats and data exfiltration attacks rank as the top fears for IT security professionals,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff.”
Falling down on boardroom support, security training
The report also highlighted the continuing concerns around security training awareness and a lack of boardroom support, issues that were raised in a separate study of some of the UK's top chief information security officers (CISOs) last week.
On the lack of C-level awareness, 31 percent of cyber security teams said that they never spoke with their executive team about cyber security, with a further 23 percent and 19 percent saying that they did so only on an annual and bi-annual basis respectively. Just over one in ten (11 percent) spoke to the boardroom about such matters on a quarterly basis, and one percent spoke to them weekly.