Cyberattack risk still largely comes down to human error, regardless of how much organizations spend to bolster defense.
The chasm between investments intended to bolster an organization’s cybersecurity posture and unrelenting threats lurking throughout the IT environment illustrates the extent to which money often fails to meet the most pressing needs in cybersecurity.
It also signifies the pressure CISOs are under to prioritize spending in a manner that elicits the best defense and response.
Internal points of weakness represent the most worrisome threats among 200 CISOs and IT security decision makers surveyed by Nuspire. The respondents work at organizations with up to 10,000 employees and annual cybersecurity budgets ranging from $100,000 to more than $3 million.
Ransomware on employee-owned devices and phishing attacks targeting employees embody the biggest threat concerns, the survey concluded. CISOs and IT leaders pointed to IT, finance, sales and marketing as the most vulnerable departments in their respective organizations, according to Nuspire.
Very few organizations manage all of their cybersecurity needs in-house, and the services most likely to be outsourced are also the digital components most susceptible to attack, the survey found.
Cloud security posture management, cloud access security broker and endpoint detection and response are all outsourced at a rate of more than 40%, according to the IT leaders surveyed by Nuspire. Only 4% of respondents said their organization manages all cybersecurity internally.
Many organizations are struggling to defend and address the threat landscape, and this is exacerbated by a lack of resources and skills, said Rick Holland, Digital Shadows CISO and VP of Strategy.
Organizations can fill some gaps by outsourcing cybersecurity needs to third-party vendors, but it also introduces other challenges and organizations still own the risk, he said.
“You’ll never have that same knowledge of a company when you outsource a service to someone else,” Holland said. “You lose out on that internal knowledge, which can be a challenge as well.”
Get the free daily newsletter read by industry experts
Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.
A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement ➔
Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.
A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.
The free newsletter covering the top industry headlines
