What Associations Need to Know About Cybersecurity Risk
Many security leaders are having trouble selling the need for cybersecurity measures—complicating the clear obligation to protect their organizations, a new survey finds.
Like other types of organizations, associations know a serious underlying security problem exists, but many feel poorly positioned to do anything about it.
A new study from Foundry, formerly known as IDG Communications, makes clear that, across the board, security leaders feel like they’re struggling to make headway on an important problem. The survey of 872 security leaders from around the world finds that 90 percent of respondents believe that not enough is being done to prevent security breaches within their organizations.
A few highlights from the report:
User error is a common failing. According to the research, most security leaders know what caused their security issues in the past year, with nonmalicious user error being the top culprit (cited by 34 percent of respondents), followed by third-party security vulnerabilities (28 percent), unpatched software (27 percent), misconfiguration of services (26 percent), and supply-chain attacks (17 percent).
Security leaders are getting pulled in multiple directions—including justifying their work. While security is the key goal, many security leaders are also heavily focused on other issues such as governance and compliance, employee training, unanticipated business risks, managing potential cyber threats, and proving the ROI of their work. The report notes that security executives have “difficulty convincing all, or parts of our organization, of the severity of the risks we face.”
Zero trust is seen as a solution. The report notes that, despite being the top cause of security issues, user error has fallen by about 10 percent since the 2021 version of the study, something credited in part to the uptake of zero-trust management practices. Nearly half of the organizations surveyed are working on zero-trust solutions, which put security at the front of the discussion, while a third are actively researching them. “Zero-trust architectures and technologies are steadily working their way into corporate security,” the report states.
Many organizations are looking to transfer the risk. Companies are trying to find ways to outsource security functions to help limit risk where possible, including by putting infrastructure in the cloud and investing in cyber insurance. “As much as people like to complain about insurance, when you ask the specifics, they’re not terribly put out by it,” said Bob Bragdon, senior vice president and managing director of Foundry’s CSO Worldwide.