People are the very first element in a pragmatic cybersecurity strategy

39 percent of cybersecurity and IT executives indicate their company is under-prepared to handle a data breach and 66 percent prefer negotiating with a used car salesperson over dealing with a breach, according to an Avertium survey.

The survey brings to light the love-hate relationship between security and IT professionals and technology.

Most professionals believe technology will be pivotal in the future of cybersecurity with nearly two-thirds (65 percent) of respondents saying that AI or ML will be able to solve more problems than humans.

Despite this belief, only 36 percent have deployed these technologies in their environments. This relatively low adoption rate correlates with two of the top pain points cited by respondents: managing the increasing complexity of the cyber tech stack (76 percent) and the volume and sophistication of hacks (75 percent).

The survey findings also point to the continued criticality of the human element in identifying and addressing cyber threats. More than half (52 percent) report plans to expand the cybersecurity team at their respective companies in 2020.

“Today’s cyberattacks can cost a company well over $1 million per incident. Security leaders that place too much emphasis on the latest technologies are missing out on the other four elements of a sound cybersecurity strategy,” shared Jeff Schmidt, CEO of Avertium.

“People are the very first element in a pragmatic cybersecurity strategy with the other four being process, policies, technology and automation and it is good news that more than half of the companies are improving their security posture by adding to in-house capabilities or augmenting it with consultants.”

Training and education are critical

Despite the increase in types of attacks and sophistication of hackers, industry professionals’ greatest concerns continue to be phishing (81 percent) and malware (67 percent).

To educate employees on preventing exposure to these types of threats, more than 90 percent of companies accounted for in the survey have at least one process in place, including incorporating it in new employee orientation (63 percent) and hosting annual training sessions (46 percent).

To share common signs of phishing scams, 74 percent of respondents send email communication and 58 percent conduct regular phishing exercises.

Key findings

The top two greatest pain points for cybersecurity professionals are the increasing complexity of cybersecurity tech stacks (76 percent) and the volume and sophistication of hacks (75 percent), with three others in a tie for third place: third-party or partner vulnerability (66 percent), increase in vulnerability due to digital transformation (65 percent) and the cost and complexity of achieving regulatory compliance (65 percent).

• 39 percent believe their company is under-prepared to handle a cyber breach
• On average, companies plan to increase investments by 36 percent in 2020
• 52 percent plan to increase their cybersecurity team in 2020
• 93 percent have formal training in place to educate employees on cyber threats
• Phishing (78 percent) and Malware (62 percent) continue to be the most concerning attacks for companies, and will remain so in 2020 – Phishing (81 percent) and Malware (67 percent)