Cyber Security Hub Survey Reveals GDPR Effects, Purchase Power & More

At this point, it’s common knowledge that cyber security is a hard-hitting, dynamic space, and one that keeps its administrators on its toes.

Chief Information Security Officers (CISO) and others charged with network defense must keep their fingers on the pulse of just about every vertical in the space – from identity and access management (IAM), to anti-malware, to Internet of Things (IoT) devices and much more.

Conversely, the beat is also well-trafficked in the media space too, with outlets covering industry movements and trends ad nauseam. So outside of being habitual “defenders,” CISOs must also glean useful information from the press. These anecdotal use cases could help inform strategic decisions in the enterprise; or they serve as cautionary reminders to fortify defenses.

Between the operations and awareness/media components of the job, along with the rising importance of cyber security overall, it’s clear that the CISO role is no easy undertaking. Fortunately, there are some useful resources in this longstanding campaign against black hats, one of which is data. The space frequently engages in benchmarking activities, as it’s often useful to see what advances have been made, and where. In many cases, market research becomes the basis for purchasing decisions.

The Cyber Security Hub conducted a survey of its audience members from June to July 2018. What follows are pertinent statistics emanating from the poll, including vital figures on the General Data Protection Regulation (GDPR), focus areas and more.

Further, please see the attached infographic for a look at the Cyber Security Hub’s exclusive design – showing additional figures on top challenges, cyber spend and the talent crisis.

GDPR Effects

In May 2018, the European Union (EU) rolled out the General Data Protection Regulation (GDPR), which brought forth a number of new regulations for data privacy – including breach notification, data protection by design and default, clear terms and conditions, the appointment of a Data Protection Officer (DPO) and more.

Leading up to the rollout, organizations worldwide worked until the 11^th hour to become compliant with GDPR. As such, 50.8% of respondents to the Cyber Security Hub poll indicated that GDPR directly affects their organization.

See Related: Could The Cyber Sec. Talent Crisis Come Down To Perception, Biases?

With comparable regulation coming to California with the Consumer Privacy Act (CCPA), it will serve security practitioners well to stay on top of emerging data security measures.

Purchase Power

Enterprise cyber spend has long been the subject of debate – as cyber security is still a relatively new branch of the business (comparatively). This has left some CISOs worldwide feeling as if they do not have a seat at the table. However, with security events being increasingly translated to the wider C-Suite and board of directors, security spend has climbed.

But it is not an infinite supply, as the CISOs are often shouldered into defending the allocation. Plus, solution stacks are not often the most lucrative option today, as the “perimeter” has shifted and tools are more sophisticated – insofar as reaching a “single pane.” So, CISOs are not just buying the first shiny box they see, they’re forced to go to market selectively.

Nevertheless, the Cyber Security Hub audience responded to whether they’ll be going to market for a solution, or a set of solutions, in the next 12-18 months. Thirty-two percent of respondents said they will not, while 31.5% said it depends on their budget; 29.4% said they are unsure while 6.4% said yes.

Focal Points

Different CISOs are engaged in different initiatives at present, depending on their organization’s maturity level, as well as industry and size.

Yet there are still certain topics with staying power in the space. Poll respondents also touched upon industry topics they’re most engaged in.

More than 58% of respondents indicated that cloud computing is an area of interest – and deservedly so. Enterprises are finding that the cost efficiencies attached to the cloud – along with the cloud service provider’s (CSP) added controls – are too enticing to ignore.

See Related: 'Diversity In Security Is A Business Imperative': EY Partner Shelley Westman

What’s more, 50.6% percent of respondents indicated that the latest data breaches remain a worry for practitioners. Each week, it seems, there is another “mega-breach,” with a leading enterprise reporting an incident typically affecting tens of thousands, or quite often, even more.

Lastly, 44% of respondents answered mobile security, meaning that additional endpoints on the corporate network pose security challenges to respective teams. The attack surface widens, and each day new targeted attacks hit iOS and Android.

Straight Off The Press

Asked how closely they monitor cyber security news, 38.6% of the responding practitioners suggested that they keep tabs on the beat multiple times weekly.

Twenty-eight percent of respondents said that news consumption occurs “whenever able.” An additional 21.4% of those polled said “multiple times daily.”

It’s clear, then, that whether it’s on a daily or weekly basis, these security executives are certainly staying apprised of the latest headlines.

Again, be sure to view the attached infographic for additional insight from the summer 2018 poll.

Plus, Be Sure To Check Out: Industrial IoT Concerns Worsen As More Devices Connect To The Web