There’s been a big push lately by the top political echelon of the U.S. to focus more on cybersecurity – witness President Obama’s recent cybersecurity summit held in Silicon Valley or comments this week by Sen. Ron Johnson (R-WI) noting that cyberattacks cost U.S. businesses approximately $100 billion per year.
Yet down in the trenches, across a wide variety of businesses, there seems to be a growing feeling that we’re outgunned when it comes to cybersecurity.
That poll of 678 U.S.-based senior information technology (IT) practitioners in financial services, the federal government, healthcare, utilities, energy, pharmaceutical, and chemical sectors found that a majority don’t feel confident in the ability of company leadership to leverage cyber intelligence to effectively combat threats – despite an uptick in cyberattacks.
A majority of respondents (75%) to Lockheed’s survey noted an increase in the severity and frequency (68%) of cyberattacks, but feared that they don't have the budget (64%) or the expert personnel (65%) to effectively fight them.
"This survey illuminates areas of concern about cyber readiness across government and critical infrastructure industries," noted Guy Delp, Lockheed’s director of cybersecurity and advanced analytics.
"The results highlight that the challenges in this domain are universal across both industry and government, and therefore our response needs to be equally holistic,” he said.
Here are some other findings from Lockheed’s cybersecurity survey:
- Many organizations are relying on intuition, rather than intelligence, to assess their security levels: Business and government respondents who felt that they were not presently being targeted for attack relied on their intuition (35%) or logical deduction (33%) rather than data or intelligence (32%) to justify their beliefs.
- Whether malicious or negligent, insiders continue to be among the greatest perceived cyber threats: Some 36% of respondents said that negligent insiders were the most significant network vulnerability facing their organization, and more than half (53%) ranked malicious insiders in their top four threats.
- The most serious risks do not receive the most budget: The top two factors impacting an organization's cybersecurity posture – employee cyber awareness and supply chain security – receive only 4% and 15% of cybersecurity budgets, respectively. Top budget items, such as mobile and cloud security, are both perceived to be lower threat levels.
"Compliance was rated the top cybersecurity business priority by the survey respondents," noted Lockheed’s Delp. "Though somewhat surprising, it is a tell-tale sign that organizations feel the pressure to meet industry security compliance requirements. While satisfying compliance standards is important, organizations should view it as a foundation on which to build a more comprehensive security posture."
And where transporting freight is concerned, establishing solid cybersecurity “posture” is going to become only more critical in the years ahead.