CISOs blame lack of competent staff for data breaches

“It’s not an easy time to be a CISO,” according to Ponemon Institute’s Dr. Larry Ponemon. Chief information security officers (CISOs) are less confident than ever about data security, with 67% of respondents to a recent Ponemon Institute survey believing their organization was more likely than ever to be hit by a cyber attack or data breach.

CISOs cited a “lack of competent in-house staff” as the most likely reason for a data breach. Respondents also pointed to:

  • The inability to protect sensitive and confidential data from unauthorized access (59%)
  • The inability to keep up with the sophistication of criminal hackers (56%)
  • Failure to control third parties’ use of sensitive data (51%)

“Data breaches and cyber-attacks continue to plague organizations and the responsibility of protecting sensitive data stops with the CISO,” said Dr. Ponemon. “It’s critical that companies support CISOs and reduce risk by implementing standard processes, including policy review and documentation, senior leadership and board member oversight, as well as other safeguards to reduce their vulnerability.”

Invest in your staff

When senior managers are told that they need to improve their organization’s cybersecurity, they might immediately turn to technological solutions. However, Ponemon Institute’s study indicates that organizations need to address employees’ ability to avoid, identify, and respond to cyber incidents.

IT Governance offers a variety of staff awareness training courses to help employees prevent cyber incidents. By educating staff through training courses, tools, and thought-provoking activities, we help them understand the risks they face and advise them on the ways they can stay secure. Our courses cover many topics, including phishing, ransomware, and ISO 27001.

When implemented alongside technological defenses and effective security policies, staff awareness training can drastically reduce the likelihood that your organization will fall victim to a data breach or cyber attack.

Find out more about our staff awareness training courses >>