Seven in Ten CISOs Believe Cyberwarfare Is an Imminent Threat to Their Organisations

  • Most CISOs are concerned about the threat of cyberwarfare to their organisation yet a lot of businesses don’t have a strategy in place to protect against it. In fact, new research by Bitdefender found 71% of CISOs believe cyberwarfare is a threat to their organisation.
  • Despite this, only just over a fifth (22%) admit to not having a strategy in place to mitigate this risk.

These findings, and more, are revealed today in the next instalment of Bitdefender’s global 10 in 10 Study. The study explores, in detail, the gap between how security decision makers and infosec professionals view the current security landscape and highlights the changes they know they will need to make in the upcoming months and years.

The findings in the report are especially alarming during a period of unprecedented global disruption, as half of infosec professionals (50%) agree that the increase in cyberwarfare will be detrimental to the economy in the next 12 months. However, CISOs and Infosec professionals are taking measures and shoring up their defences — with 51% and 48% respectively stating that they believe they will need a strategy against cyberwarfare in the next 12-18 months.

The rise and fall (and rise again) of ransomware

Outside of the rise of cyberwarfare threats, an old threat is rearing its head — ransomware. During the disruption of 2020, ransomware has surged with as much as 43% of infosec professionals reporting that they are seeing these kinds of attacks rise. What’s more concerning is that 70% of CISOs/CIOs and 63% of infosec professionals expect to see an increase in ransomware attacks in the next 12-18 months. This is of particular interest as almost half of CISOs/CIOs (49%) and just over two fifths of infosec professionals (42%) are worried that a ransomware attack could wipe out the business in the next 12-18 months if they don’t increase investment in security.

A stepchange in communication is in high demand

Cyberwarfare and ransomware are complex topics to unpack, amongst many others in infosec. The inherent complexity of infosec topics can make it hard to gain internal investment and support for projects. This is why infosec professionals believe a change is needed. 51% of infosec professionals agree that in order to increase investment in cybersecurity, the way that they communicate about security has to change dramatically. This number jumps up to 55% amongst CISOs and CIOs — many of whom have a seat at the most senior decision making table in their organisations.

The question is, what changes need to be made? Two fifths of infosec professionals (41%) believe that in the future more communication with the wider public and customers is needed so everyone, both in and organisation and outside, better understands the risks. In addition, 38% point out that there is a need for the facilitation of better communication with the C-suite, especially when it comes to understanding the wider business risks.

Diversity, and specifically neurodiversity, is key to future success

Outside of the drastic changes that are needed in the way cybersecurity professionals communicate, there’s also a need to make a change within the very makeup of the workforce. The infosec industry as a whole has long suffered from a skills shortage, and this looks to remain an ongoing and increasingly obvious issue. 15% of infosec professionals believe that the biggest development in cybersecurity over the next 12-18 months will be the skills gap increasing. If the skills deficit continues for another five years, 28% of CISOs and CIOs say they believe that it will destroy businesses. And another half (50%) of infosec professionals believe that the skills gap will be seriously disruptive if it continues for the next 5 years.

The 10 in 10 report highlights the impact that not addressing these issues will have on everything from individual businesses through to whole economies. What is positive is that both CISOs and IT pros are recognising the need to address these issues, although there is still clearly a long way to go. The next step is reducing the skills gap and better improving communication both within organisations and with the general public in order to better protect against threats like cyberwarfare and ransomware.

To find out more, you can view the full report here.