[ISACA] State of Cybersecurity 2018

By May 11, 2018 No Comments

Per @CarlosBorella

O State of Cybersecurity 2018 is a report issued annually by the ISACA and presents the results of the global survey conducted in October 2017 with 2366 cybersecurity professionals.

The report presents two resultsThe first part addresses issues related to the career development of cybersecurity professionals, considering professional profiles, development, budgeting and organization of security teams. The second part portrays the threat scenario faced by companies, including the types of threats and defense mechanisms used.

Important points:

After 2 years of moderate growth, the cybersecurity budget of organizations has returned to strong growth, compared to growth percentages for years prior to 2015. In this report it was noted that 64% of respondents will increase the cybersecurity budget and 28% will minimally maintain the previous year's budget. Compared to the previous year, when 50% reported that the budget would increase, there is an improvement in the cybersecurity investment scenario.

This resumption of cybersecurity investments is in line with the scenario of increased attacks identified in 2017, such as: disclosure of the incidents of Equifax, Yahoo and Uber, NSA leak by Shadow Brokers, WannaCry, NotPetya, among others.

Of the total respondents, 50% reported having suffered more cyber attack attempts compared to recent years, while 25% reported having suffered the same amount. A worrying number is that there are still 18% who reported not knowing.

Regarding the expectation of suffering from cyber attacks in 2018, 80% were categorical in stating that the probability is very high or high, 42% and 38%, respectively, demonstrating the concern with the theme.

A rather surprising piece of information portrays that 69% of respondents stated that top management has appropriately prioritized cybersecurity issues. However, only 20% of respondents reported that security functions are reported to Top Management and / or CEO / CFO.

The lack of a direct channel with top management can pose a potential risk as security teams will have difficulty prioritizing actions (often these teams are in tune with the threat environment and operational / technical ecosystem), to guide them to the company's overall strategy.

* Carlos Borella is Safeway Information Security Manager


Download the full report



THE [SAFEWAY] is a widely recognized company as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on platforms:

● Archer da RSA Security, considered by the institutes Gartner and Forrester and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson Technology), IBM Resilient, and other solutions tailored to each organization for their security and cyber defense management needs.

● And others, involving technologies ImpervaThalesTripwire and WatchGuard Technologies.



Leave a Reply