Data theft a big concern for IT heads

Ransomware fears are taking a backseat to data theft and keeping IT leaders awake at night, reveals research by Integrity360’s (www.integrity360.com) with over half (55%) reporting that data theft is now their biggest concern, pushing ransomware into third place (29%) after phishing (35%).

Integrity360’s research findings reveal a staggering 89% of IT leaders say they have seen an increase in the volume of security alerts over the past 12 months, with 76% reporting an increase of between 1-50% of alerts, with a further 26% witnessing a 26-50% increase.  

Additionally, over 30% of CIOs and CTOs say they see Advanced Persistent Threats (APTs) as a bigger concern than ransomware for their organizations despite ransomware commonly having a data theft component to it.  

Of the cyber security challenges keeping IT security decision makers awake at night data theft was cited by 27% of survey respondents as the second most common cybersecurity incident being feared, topped only by phishing (46%).  This correlates with the mounting concerns around data theft and the increasing need to protect sensitive data which emerged as the top cybersecurity challenge keeping professionals awake at night (48%).   This was closely followed by managing risk and compliance (28%) and defending identities (26%) which can be explained due to increasing regulation around cyber security and the role of identity as an increasing attack vector in the world of pervasive remote and hybrid working.  

In the battle to amalgamate the mass of security tools being introduced to defend against growing threats and securing cloud environments, the challenge of security consolidation is seen as the second biggest nightmare keeping over 30% of CIOs, 14% of information security analysts and 18% of CTOs awake at night.

“Businesses are navigating a digital landscape fraught with risks and data theft is clearly weighing heavy on the minds of those tasked with keeping it safe.  Whilst the threats continue to increase, and the alerts rise alongside, so too does the pressure on those tasked with keeping business data secure.  Enlisting the help of a Managed Security Services Provider (MSSP) can benefit businesses with the expertise, resources, and round-the-clock vigilance needed to protect sensitive data and respond effectively and efficiently to incidents, affording security teams the opportunity to apply their time and resources to other priorities,” says Brian Martin, Head of Product Development, Innovation and Strategy, Integrity360.

“IT environments have become increasingly complex with many enterprises now employing multi-cloud strategies and multiple products, which can leave gaps in security, and see businesses paying for underutilised and overlapping tools unnecessarily.  Consolidation of cybersecurity architectures can strengthen risk posture, reduce the number of tools and vendors in place, eliminate silos, reduce costs, and improve overall security posture.”

But with insufficient budgets being cited by 31% of respondents, IT leaders are finding budgetary constraints challenging when it comes to incident response (IR) with 27% saying the complexity of incidents and lack of board-level understanding of IR (27%), together with a shortage of IR skills, experience and tools (38%) are creating significant hurdles in responding to attacks.

“Insufficient budgets can leave organizations vulnerable to attack,” continues Martin.  “Businesses need to prioritize cybersecurity spend to avoid the financial and reputational ramifications that will often outweigh any initial investment in cybersecurity tools and processes.  Being able to respond quickly is vital in the wake of a cybersecurity incident and investing in IR services, training and expertise can make all the difference when responding to a breach or serious incident.”

Speed of response to an attack was considered by 40% of respondents as the most stressful aspect of responding to a cybersecurity incident, whilst the sense of responsibility was cited by (31%).  Interestingly, the fear of being wrong (24%) ranked higher than difficulty in diagnosing the incident (22%) with C-level executives fearing being wrong more than information security analysts – perhaps because the fallout from a poor response to a cyber incident could be worse or even catastrophic for them and their career.

Conducted by Censuswide on behalf of Integrity360, the research questioned 205 IT security decision makers from 9th – 14th August 2023.