2015 GLOBAL CYBERSECURITY STATUS REPORT

2015 Global Cybersecurity Status ReportCompanies and government organizations worldwide are focusing on cybersecurity as a critical priority in 2015.

ISACA conducted a global survey of 3,439 business and IT professionals in 129 countries to capture their insights on cybersecurity attacks, skills shortages and proposals from US President Barack Obama, who addressed cybersecurity issues such as data breach notification laws this week.

The survey was conducted online from 13-15 January 2015.

At a 95 percent confidence level, the margin of error is +/- 1.7 percent.

believe there is a shortage of skilled cybersecurity

professionals

CYBERSECURITY SKILLS SHORTAGE

86% Does your organization plan to hire more cybersecurity professionals in 2015?

37% … Yes

32% … No

30% … Unsure

92% of those hiring expect it will be difficult to find a skilled candidate

CYBERATTACKS

86%

46% expect their organization to face a cyberattack in 2015

Only 38% of all respondents feel prepared to fend off a sophisticated attack

Yes

No

Unsure83%

11%

5%

Do you think cyberattacks are among the three biggest threats facing organizations today?

CYBERSECURITY AWARENESS

Yes No, but we should No, we do enough security awareness training

Unsure0%

10%

20%

30%

40%

50%

60%

26%

53%

9%12%

54%of respondents agree it is difficult to identify who has an adequate level of skills and knowledge when hiring new graduates for entry-level cybersecurity positions

Does your organization plan to increase cybersecurity awareness training for staff this year in light of recent breaches?

DATA BREACH NOTIFICATION SUPPORT

76%agree or strongly agree with United States President Obama’s proposal to require companies to notify consumers of a data breach within 30 days

Other

Not enough human resources

Increased cost

Systems not designed for this

Concern over corporate reputation

0% 10% 20% 30% 40% 50% 60%

10%

55%

15%

13%

8%

Of the following, what do you think is the greatest challenge companies would face if they needed to notify consumers of a data breach within 30 days of its discovery?

For full results and more information, visit WWW.ISACA.ORG/CYBERSECURITYREPORT