According to the 2019 State of Cybersecurity Study from global IT and cybersecurity association ISACA, the attack vectors remain same every year but attack volume will increase and cybercrime may be vastly underreported.

“Underreporting cybercrime even when disclosure is legally mandated—appears to be the norm, which is a significant concern,” said Greg Touhill, Brigadier General (ret), ISACA Board Director, president of Cyxtera Federal and the first US Federal CISO. “Half of all survey respondents believe most enterprises underreport cybercrime, even when it is required to do so.”

The survey found that only 1 in 3 cybersecurity leaders (34%) have high levels of confidence in their cybersecurity team’s ability to detect and respond to cyberthreats. The highest levels of confidence are correlated with teams that report directly into the CISO, and the lowest levels are correlated with teams reporting into the CIO. According to the study, 43% of respondents say their teams report to a CISO, and 27% report to a CIO.

“What we can conclude from this year’s study is that governance dictates confidence level in cybersecurity,” said Frank Downs, director of ISACA’s cybersecurity practices.

“When the cybersecurity team reports directly to a designated and experienced cybersecurity executive, cybersecurity teams report having significantly more confidence in their team’s capability to detect attacks and respond effectively.”

These findings indicate the confusion enterprises experience when structuring cybersecurity with information technology. A CIO’s main goal is managing and implementing information technology, which is substantially different than securing and protecting it.

In this reporting structure, cybersecurity can fall to a secondary consideration, leading to a team’s lack of confidence to be cyberready. In fact, a higher percentage of respondents are confident in cybersecurity reporting to the CEO than to the CIO.

ISACA’s State of Cybersecurity Study, sponsored by HCL Technologies Ltd., captures the perspectives of more than 1,500 individuals who define the field cybersecurity managers and practitioners from across the globe.

According to State of Cybersecurity Part 2, the top three threat actors remain cybercriminals, hackers and nonmalicious insiders. Phishing, malware and social engineering top the list of prevalent attack types for the third year in a row.

Ransomware is significantly down from 2018, with 37% of organizations reporting that they experienced ransomware in last year’s study, compared to 20% this year. 50% of organizations report an increase in cybersecurity attacks on their organization this year, and 79% say it is likely they will experience a cyberattack next year.

However, by carefully analyzing the variables that contribute to incident susceptibility and team inefficiency, organizations can better prepare themselves for the dangers presented by cyber miscreants, says ISACA’s Downs.

Specifically, analyzing key organizational attributes identified in the State of Cybersecurity, such as cyber reporting structure, prevalent attack methods and team readiness through a culture of continuing professional education, organizations can increase their resilience to potential incidents.

(Image Courtesy:

Leave a Reply

Your email address will not be published. Required fields are marked *