InfoSec pros feel less external pressure, take security more personally

Security professionals are feeling less pressure from management, less pressure to approve IT projects early, and are less worried about emerging technologies, according to a report released this morning. But they are also putting more pressures on themselves.

“The pressure is still high,” said Chris Schueler, senior vice president of managed security services at Trustwave Holdings, which sponsored the survey of 1,600 InfoSec professionals from around the world. “But it’s shifted from it’s someone else’s problem — the board’s problem, the CEO’s problem. Now it’s my problem.”

This year, 65 percent of respondents said most of the pressure they were feeling came from the board of directors, company owners, senior executives or their direct manager. This was down from 80 percent last year.

That’s a good thing, said Schueler.

“We don’t want the board to feel all the pressure,” he said. “They’re not where the rubber meets the road.”

He added that this doesn’t mean that cybersecurity is less of an issue, however. If anything, it’s now a top five concern, whereas before it was a top 10 concern.

Instead, the number of people who say their biggest source of pressure is themselves has more than doubled, from 11 percent last year to 24 percent today.

“They feel the pressure to perform, the pressure to secure,” he said.

Part of that is due to potential damage to their professional reputations, he said.

“If your website goes down, no one really remembers that in six months or a year,” he said. “But if you were hacked, and it was a big enough hack, people will remember that for years. If you were the CISO of CSO for a company that was hacked, it definitely limits your job opportunities in the future.”

On the operational side, there were several areas of progress. The number of respondents who said they felt pressure to roll out IT projects before the necessary security reviews were complete went down from 77 percent last year to 65 percent.

On another positive note, emerging technologies were also causing less stress.

Last year, 25 percent of respondents said that dealing with emerging technologies such as cloud, mobile and IOT was their biggest operational pressure, second only to advanced security threats at 29 percent.

This year, that number was down to 12 percent.

“They’re finally starting to get a handle on cloud, so we’re starting to see that plateauing,” he said.

The rate at which the overall pressure is increasing has also begun to level off somewhat.

Overall, 53 percent of respondents said they feel increasingly pressured this year. In 2017, 63 percent said it was increasing.

But there were areas in which the amount of pressure increased.

For example, the industry-wide labor shortage is having an impact.

Last year, only 5 percent of respondents said that the lack of security skills and expertise was their biggest operational pressure. That tripled to 15 percent this year.

“I can’t find and hire the people with appropriate skills,” he said.

No pressure, but you can comment on our Facebook page.