cybersecurityEvery year, the minefield of cybersecurity issues plaguing corporate IT structures increases in both frequency and severity.  The alarm shared among legal and IT professionals is growing, as companies are forced to invest significantly more in robust cyberdefense.

As reported by Corporate Counsel, “the ‘2015 Security Pressures Report’ from Trustwave Holdings Inc. shows that the already substantial burdens in-house security professionals face from threats to their networks and data will likely continue to increase. The report finds that the always-looming cyberthreat is exacerbated by other pressures too, like the push to roll out IT projects quickly, lack of IT staff and budget, and the proliferation of emerging technologies.”

More than half of respondents to the primarily North American 1,000-person survey reported heightened pressure between 2013 and 2014 to enhance security of their organization’s networks.  Roughly the same number foresee additional pressure, while just over 40% estimate the pressure to remain neutral or decrease. The urgency of these heightened measures appears to be coming from the top down, as board of directors, owners, and C-suite executives account for more than 60% of the reported mandate.

As Greg Rosenberg, security engineer at Trustwave, told CorpCounsel.com, “the high-profile nature of recent breaches has put the tops of organizations on alert, and from fines and fees to litigation and brand damage, executives want to ensure that they don’t have to deal with the consequences of a major breach happening at their organization.”

Compounding this pressure are several elements- including allocating sufficient time, resources, and staff-  that legal and IT professionals claim fuel the stress.   For example, more than three quarters of those polled expressed frustration that products are often introduced before all the potential vulnerabilities to hackers have been removed or addressed.  Furthermore, more than 4/5 of respondents expressed interest in additional staff support, with almost one-third of those surveyed wishing they could at least quadruple their resources.  According to Rosenberg, managed security services are often the answer because, as they tend to more efficiently allocate resources, managed security service professionals are dedicated to cybersecurity on a macro scale and they have access to an amplified share data set.

While external threats overwhelmingly pose the largest reported risks, insider threats are on the rise as well.  According to Corporate Counsel, “most said that the risk of an insider accidentally leaving the company exposed to a breach caused more pressure than the possibility of a malicious insider. The most-cited insider threat in the survey was unauthorized file transfer; only a small number of respondents—9 percent—cited weak passwords.”

Beyond the risks posed by external and insider actors, nearly half of respondents indicated that cloud computing as a new and increasingly relied-upon technology posed the most security risks.  Personal mobile devices, applications, and reckless use of social media also registered as notable threats.