More than half of risk professionals worldwide say their organization’s risk levels have increased in the past 12 months, according to new research from IT organization ISACA, its best practices subsidiary CMMI Institute and security education provider Infosecurity Group.
The organizations surveyed more than 4,500 specialists worldwide involved in risk decisions, and found that only 29 percent have a high degree of confidence that their enterprise can accurately predict the impact of threats and vulnerabilities associated with emerging technologies.
Fewer than one third (31 percent) of security professionals surveyed said their organizations can respond quickly when new threats are identified, which the report noted is problematic given today’s fast pace of business and technology-driven change.
The study said the top five cyber security risk management challenges are changes or advances in technology, changes in types of threats, too few security personnel, missing skills in existing cyber security personnel, and increased number and frequency of threats.
The report also found that nearly two-thirds of respondents have defined processes for risk identification, but only 38 percent say they believe that those processes are at either the managed or optimized level of the maturity spectrum. This high adoption, low optimization trend shows there is significant need for action and improvement, the report said.