Ponemon & Lancope Survey: CEOs in the Dark About Cyber-Attacks by Angela Frechette Cannon

Lancope recently released the results of a very telling survey conducted by the Ponemon Institute entitled “Cyber Security Incident Response: Are we as prepared as we think?” The research surveyed 674 IT and IT security professionals in the U.S. and UK to measure the efficacy of their incident response procedures.

Unfortunately, the survey uncovered that many organizations are ill-prepared to fend off today’s constant barrage of advanced threats. It also revealed that CEOs and other members of the management team are often in the dark about the threats facing their companies.

 

 

 

 

 

 

 

 

 

 

 

                                                                                                                                                            Despite the fact that 57 percent of organizations said they expect to experience a material security breach within the next year, only 20 percent of incident response teams frequently communicate with upper-level management about these threats. What’s more, half of all respondents said that less than 10 percent of their security budget is spent on incident response, and most said their incident response budgets have not increased in the past 24 months.

What percentage of your organization’s security budget is allocated to incident response?

 

 

 

 

 

 

 

Source: The Ponemon Institute

According to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute:                     “The findings of our research suggest that companies are not always making the right investments in incident response. As a result, they may not be as prepared as they should be to respond to security incidents.”

Mike Potts, president and CEO of Lancope added:                                                                                “Now is the time for C-level executives and IT decision-makers to come together and develop stronger, more comprehensive plans for incident response. This communication is critical if we want to reduce the astounding frequency of high-profile data breaches...”

When asked what kind of security tools are most effective for detecting breaches, 80 percent chose the analysis of audit trails from sources like NetFlow and packet captures. This choice was more popular than intrusion detection systems and anti-virus software.

Most effective security tools for detecting security breaches

 

 

 

 

 

 

 

 

Source: The Ponemon Institute

Media Coverage

The survey has already garnered significant media coverage. Here are some sample stories:

CNBC - http://www.lancope.com/resource-center/videos/lancope-on-closing-bell/

The Wall Street Journal - http://blogs.wsj.com/riskandcompliance/2014/01/24/survey-roundup-unaware-ceos-climate-risks-to-supply-chains/?KEYWORDS=lancope

SC Magazine (video) - http://www.scmagazine.com/video-an-extensive-approach-to-security/article/331249/

PC Magazine - http://securitywatch.pcmag.com/security/320023-amid-attacks-ceos-in-the-dark-about-cyber-security

SC Magazine UK - http://www.scmagazineuk.com/lancope-cto-sees-clear-disconnect-between-board-and-security/article/331534/

Survey Result Presentations

Results of the survey will be presented during an RSA Conference panel discussion on Wednesday, February 26 at the Moscone Center in San Francisco.

The results were also recently discussed during a free Lancope webinar that can be accessed here.

For a full copy of the study, please visit: http://www.lancope.com/ponemon-incident-response/.