Trustwave's 2017 Security Pressures Report measures the immense pressure felt by in-house cyber-security professionals and the key drivers behind it. The global survey included responses from 1600 IT decision makers from the UK, Australia, the US, Canada, Singapore and Japan.
Security is now becoming more personal, with 24 percent of respondents reporting blaming oneself as the second biggest source of stress. This is compared to 46 percent that reported most people pressure coming from boards, owners and C-level executives.
According to the report, this shift in pressure highlights that individuals may be starting to understand the bigger role that they play in helping to enable their organisation's security posture.
Forty-two percent of respondents reported that their biggest fear following a cyber-attack or breach was reputational damage to themselves and their company, ahead of financial damage to one's company (38 percent) and termination (11 percent).
To aid in compensating for lack of skilled security professionals, 31 percent partnered with a managed security services provider (MSSP). Meanwhile, 26 percent reported involvement in a partnership between in-house teams and an MSSP.
In regard to operational pressure, shortage of security expertise was noted as the second biggest pressure facing security pros at 15 percent, behind advanced security threats at 29 percent. Despite a large skills gap, 24 percent of respondents prefer to increase security skills among staff members rather than increase their staff.
Customer data theft is ranked as the most worrisome outcome of a cyber-attack or data breach by 30 percent of respondents, followed by ransomware (18 percent), which is viewed as the most unsettling post-incident consequence.
Respondents were split evenly between those who feared external threats more than internal threats and vice versa.
Pressure was felt to roll out IT projects before undergoing necessary security checks/repairs by 65 percent of respondents.
Sixty-four percent felt pressure to select security technologies containing the latest features despite 27 percent citing that they lack the proper in-house resources to effectively use them.
“Findings show that the pressures cyber-security professionals face have become much more personal than in previous years, as executives recognise that pressure does not translate into better performance – instead it may lead to stress, burnout and faults,” said Chris Schueler, senior vice president of Managed Security Services at Trustwave.
“In an era where security talent is at a premium, organisations cannot afford to lose these skilled individuals. My advice to those facing these pressures head on is to no longer think of security as a siloed discipline. To build a successful security programme, you must establish both internal and external allies.”