Half of Canada’s IT security professionals are disappointed in the technology they pay for, feeling it doesn’t keep their organizations’ data safe enough, according to a new survey sponsored by Websense Inc. and run by the Ponemon Institute.
In the second part of a survey on what IT professionals see as barriers to cybersecurity, Ponemon researchers surveyed 236 IT professionals based in Canada. The average professional had about nine years’ experience in the industry.
Out of these respondents, 51 per cent said the organizations they worked for were often disappointed with the investments they made in security – so disappointed, in fact, that if they had the chance, 29 per cent said they would do a total revamp of their security systems.
Another 44 per cent said if they ever suffered a data breach, they would consider switching vendors, as 59 per cent agreed vendors regularly make threats sound worse than they are to help sell products.
However, there are some constraints to that. About 31 per cent of cybersecurity professionals say they aren’t getting the support they need from the C-suite to protect their organizations. That translates to less money in the budget for the IT department, as 69 per cent of respondents said their organizations aren’t investing enough in staff and technologies to be able to meet security-related goals.
Part of the reason for that may be that security professionals aren’t getting enough face time with their executives. Twenty-three per cent of respondents said they never speak to the C-suite about security. Out of those that do, 23 per cent only had the chance to meet with them once in the course of a year, while 24 per cent would get to see them twice.
Respondents said they sometimes feel the only way to get through to the executive team is if a major security disaster occurred, like if intellectual property was stolen, a massive customer data breach happened, or if system downtime caused their company to lose productivity. About 89 per cent of respondents said they personally know another security professional whose organization lost sensitive data, thanks to an insider stealing that information.
Aside from investing more in better security technologies and staff, the respondents polled said they feel one of the best ways to bolster security is to educate employees about it. Forty-seven per cent of respondents said their organization doesn’t teach its employees enough about protecting data – and that has to change if these companies want to stay secure.