It was standing room only when Dr. Larry Ponemon of the Ponemon Institute took the stage at the 16th annual SecureWorld Atlanta cybersecurity conference.
Ponemon was revealing details from his new 2018 cybersecurity research. We’ll have to publish more of his findings in a subsequent article, but here are two Ponemon security research findings that point to significant trends in cybersecurity.
1. The board IS getting more involved in cybersecurity
There has been talk of this happening—of the board finally seeing cybersecurity as a business risk—for years now. Ponemon's InfoSec study found these results:
- 19% of InfoSec leaders say the board will become "much more involved" in security during 2018
- 31% say the board will become "more involved" in security
- 38% say the board involvement in cybersecurity will stay the same
So this idea of communicating to the board that cyber risk is a business risk is really maturing. Say Ponemon, "It's interesting that in many cases, the board itself is now pushing for the business to have increased cybersecurity," instead of CISOs having to convince the board about security’s significance to the business.
2. Most information security leaders feel less secure than they used to
Think about that for just a moment. The Ponemon security study results show the following:
- 67% of InfoSec leaders say their organization is more likely to "have a data breach or cyberattack in 2018"
This likely speaks to the growing sophistication and organized crime nature of bad actors, along with ongoing nation-state threats.
When Ponemon put up the slide with that statistic, there was laughter in the room. That was a reaction to the other side of the pie chart he was showing: 33% of respondents say their organization is less likely to be breached this year.
Ponemon picked up on this and framed it this way: "I have this theory about the InfoSec leaders who responded they're less likely to be breached in 2018; I think they might have been drinking wine!"
The room erupted with more laughter.
It's nice to find a lighter moment when it comes to information security, isn't it?
[RELATED: The story behind Ponemon Institute research and The High Cost of the Insider Threat]
