A new Ponemon Institute study, 2015 Global Megatrends in Cybersecurity, surveyed over 1,000 senior-level IT and IT security professionals from around the world to gather intelligence about future cyber security trends.
Covering subject areas including “the critical disconnect between CISOs and senior leadership, insider negligence, the Internet of Things, adoption of new technologies such as big data analytics, predictions of increases in nation state attacks and advanced persistent threats and the dearth of cyber talent”, the report aims to “understand the big trends or changes that will impact the security posture of organizations in both the public and private sector in the next three years.”
UK and EU least optimistic
Although the majority of respondents believe their cyber security posture will improve in the next three years, respondents from the UK and EU were the least optimistic about the future – for the following reasons:
- Inability to hire and retain expert staff.
- Lack of actionable and timely intelligence.
- Employee-related risks might not be reduced.
- A lack of funding will prevent appropriate investments in people and technologies.
- Technologies that address the specific cyber threats to the organisation will not be available.
Cyber security a C-level priority
Among other “megatrends”, the report also predicts that cyber security “will become a competitive advantage and a C-level priority” in the next three years, and that there will be “significant increases” in the risk of “advanced persistent threats, cyber warfare or terrorism, data breaches involving high value information and the stealth and sophistication of cyber attackers”.
The skills shortage persists
Respondents also strongly believe that the cyber security skills shortage will persist, with 66% of UK and EU respondents affirming that their organisations need “more knowledgeable and experienced cybersecurity practitioners”.
How to address future cyber security risks
Organisations in the UK looking to improve their cyber security posture are advised to look to the Cyber Essentials scheme as a first step to a cyber secure future, and should consider the international standard for information security management, ISO 27001, for a best-practice approach to addressing cyber risks.
Launched by the UK Government in 2014, the Cyber Essentials scheme sets out the minimum baseline of security that all organisations should be looking to achieve. IT Governance offers a series of implementation solutions, starting at just £300, for UK organisations looking to achieve CREST-accredited certification at a pace and on a budget that suits them.
Beyond Cyber Essentials, organisations wanting to improve their cyber security postures should implement an information security management system (ISMS), as set out in the international standard ISO 27001, to ensure they have the right policies and procedures to manage their information assets.
IT Governance’s ISO 27001 Packaged Solutions make it easy for organisations to prepare for certification using a project approach appropriate for them.