Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2018 Adobe Cybersecurity Survey

Adobe conducted a first-of-its-kind survey of more than 500 private and public sector cybersecurity professionals in the United States to explore their awareness and understanding of public policy developments and gauge how those public policy developments impact their jobs on a daily basis.

  • Login to see the comments

2018 Adobe Cybersecurity Survey

  1. 1. 2018 ADOBE CYBER SECURITY SURVEY 1 GMUNK CYBERSECURITY PROFESSIONALS’ INSIGHTS ON PUBLIC POLICY
  2. 2. O B J E C T I V E S In a first-of-its-kind study, we surveyed U.S. cybersecurity professionals to understand their perceptions of cybersecurity and public policy issues We explored topics such as: • What are cybersecurity professionals’ top concerns today? • What are the most important privacy and security issues for governments to address? • How prepared do they feel for upcoming cybersecurity policy changes? 2 GMUNK
  3. 3. Government and Contractor n=76 Non-government/Private n=452 MOE= ± 4.3% M E T H O D O L O G Y AUDIENCE MARGIN METHODSAMPLE SIZE TIMING Cybersecurity professionals nationwide This report is a result of a U.S. nationwide survey of cybersecurity professionals (manager level or above) at a variety of different organization types and sizes Survey fielded September 5-15, 2017 15-minute online survey 3 OF ERROR n=528 GMUNK
  4. 4. S U R V E Y R E S U L T S 4
  5. 5. Q12: How much do you agree or disagree with the following statement? Q25: In general, how well do you understand how these cybersecurity public policy developments will impact your job? Cybersecurity professionals say policy has a great impact on their day-to- day jobs and they understand how upcoming developments can affect their roles Agree that cybersecurity public policy affects their job on a daily basis 85% Understand how cybersecurity public policy developments affect their job 90% Impact of Public Policy on Day-to-Day Job 5 Top 2 Box
  6. 6. Q26: How prepared do you think you, your organization and your industry are for upcoming cybersecurity policy changes? Level of Preparedness for Upcoming Policy Changes Yet, only 37% feel completely prepared for upcoming policy changes, and even fewer are confident in industry preparedness overall Say their industry is completely prepared Say their organization is completely prepared 37% Say they are completely prepared 36% 28% 6 Top Box Only
  7. 7. “Regulations contribute to my company's ability to protect our assets. We as a company need to be ahead of the curve on all issues involving cybersecurity.” – Non-Government / Private 83% Agree that the regulations in place are effective in making things secure An overwhelming majority of cybersecurity professionals feel government regulations have a positive impact on cybersecurity Impact of Regulations on Security Q6: How much do you agree or disagree with each of the following statements? Q13: How does cybersecurity public policy affect your job on a day-to-day basis? 7 Top 2 Box “Policy tends to be a driving force in how companies/governments begin to react to various threats either before, or in some cases after, they begin to show up.” – Government / Contractor
  8. 8. 48% Follow cybersecurity policy issues very closely However, less than half of cybersecurity professionals follow public policy issues very closely Following Public Policy Issues Q7: How closely do you follow cybersecurity public policy issues? 8 Top Box Only
  9. 9. 45% Almost all cybersecurity professionals agree that more common standards and frameworks are necessary Attitudes toward Common Standards “The most important issue is how to effectively share threat information and automatically detect and mitigate them in real-time as well as how to motivate organizations to implement best practices.”– Government / Contractor “[It’s important to] have some sort of uniform standards and centralized resource relative to what constitutes a cybersecurity event and how those issues are reported, responded to, and resolved.” – Non-Government / Private Agree that the information security industry needs more common security standards/ frameworks 92% Q6: How much do you agree or disagree with each of the following statements? Q14: In your opinion, what are the most important cybersecurity issues for governments to address? 9 Top 2 Box
  10. 10. Q6: How much do you agree or disagree with each of the following statements? Q13: How does cybersecurity public policy affect your job on a day-to-day basis? However, compliance is a current pain point for cybersecurity professionals Agree that regulation makes organizations focus more on compliance than on security 86% Agree that their organization spends too much of their time and budget on compliance 64% “The lack of direction under regulation causes us to continually change to try to stay compliant.” – Non-Government / Private “There are often conflicting reports and it is impossible to get anyone to confirm what regulation or standard is the one to follow.” – Government / Contractor Attitudes toward Compliance 10 Top 2 Box
  11. 11. 37% Respondents believe that modernizing technology is critical to effective government cybersecurity Attitudes toward Modernizing Technology Agree that modernizing technology is critical to effective government cybersecurity 96% “The more archaic our defenses are ... the easier it is to break them down.” – Non-Government / Private “You have legacy systems with users who only know operational concerns, with no time to bring systems up-to-date. This alone forces people to be concerned with more uptime than security.” – Government / Contractor Q20: How much do you agree or disagree with each of the following statements? Q21: What are the greatest cybersecurity risks of not modernizing government technology? 11 Top 2 Box
  12. 12. Agree that transitioning legacy systems to the cloud is critical to effective government cybersecurity 88% Cybersecurity professionals agree that transitioning legacy systems to the cloud is critical to effective government cybersecurity Attitudes toward Legacy Systems and the Cloud Q20: How much do you agree or disagree with each of the following statements? Q21: What are the greatest cybersecurity risks of not modernizing government technology? “Legacy systems are easier to breach and have the greatest security vulnerability.” – Non-Government / Private “Open vulnerabilities in legacy hardware and software [are the greatest cybersecurity risks of not modernizing government technology].” – Government / Contractor 12 Top 2 Box
  13. 13. Q3: How important is it for organizations to have each of the following cybersecurity measures in place? Q5: And which, if any, of the following cybersecurity measures does your organization have in place? Cybersecurity professionals say monitoring to detect breaches and protect data at the file level is important, yet only half have tools in place to do so Current Practice 88% Say it is important to monitor to detect breaches and protect data at the file level Currently in placeImportant 49% Say that monitoring to detect breaches and protect data at the file level is currently in place at their organization Monitoring to Detect Breaches and Protect Data at the File Level 13 Percent SelectedTop 2 Box Importance vs.
  14. 14. 14 Automating system patching is another opportunity for more effective cybersecurity Q3: How important is it for organizations to have each of the following cybersecurity measures in place? Q5: And which, if any, of the following cybersecurity measures does your organization have in place? Say that automating system patching is important 80% Automating System Patching Importance vs. Current Practice Say that automating system patching is a measure that is in place at their organization 44% Current Practice Currently in placeImportant Percent SelectedTop 2 Box Importance vs.
  15. 15. The overwhelming majority of cybersecurity professionals say critical infrastructure is important for governments to address Importance of Cybersecurity Issues for Governments to Address Q15: How important are each of the following cybersecurity issues for governments to address? 91% Say that critical infrastructure is important for governments to address 15 Top 2 Box
  16. 16. Respondents are most informed about cybersecurity policy developments at the federal level Informed of Recent Public Policy Developments 77% 80% 87% Are informed about recent federal level policy developments Are informed about recent state level policy developments Are informed about recent international level policy developments Q22: How informed do you feel about the latest cybersecurity public policy developments that have occurred over the last six months at the…? 16 Top 2 Box

×