Aussie CSOs questioning tech value, rarely talk security with executives: Ponemon

Fully one-third of Australian cyber-security teams never speak with their company's executive team about security threats and a further 22 percent only meet once a year to discuss security, according to a new Ponemon Institute survey that has found fully a third of respondents would completely overhaul their IT security infrastructure if they could.

The global Exposing the Cybersecurity Cracks survey (Australian figures here) surveyed security professionals in 15 countries, each having an average of 9 years' experience in the security field, with some 200 practitioners surveyed in Australia.

Just 43 percent of respondents said their companies invest enough in skilled security personnel and technologies, with the Websense-sponsored survey confirming the anecdotal disconnect between business and security organisations. Only 10 percent of Australian respondents speak with their executives as frequently as once a quarter, and 21 percent speak with them twice a year.

There was broad dissatisfaction with the performance of security solutions installed in respondents' companies, with only 10 percent saying they had never been disappointed in their security solutions and 47 percent saying they were “frequently disappointed” with the protection a security solution had provided.

Some 38 percent of Australian respondents said they planned to make significant investments and adjustments to their cyber-security defences in the next 12 months. This figure was well behind the global figure, which confirmed that 49 percent of respondents globally were planning to upgrade their security infrastructures.

Respondents were open about the potential triggers that would encourage executives to invest more in security, with exfiltration of intellectual property named as a potential trigger by 65 percent of respondents. A data breach involving customer data was named by 58 percent, while 46 percent of respondents believed executives would invest more heavily in security if they faced a regulatory investigation of their company's data protection practices.

“Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

“These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future.”

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place