IT officials from leading industries and government have strong concerns about finding and retaining the necessary talent to respond to cybersecurity threats quickly enough, and how to adapt to changing threats, a new survey finds.
The study points to a shift in priorities among IT leaders in the public and private sectors. They say the individuals they’re looking for most possess proactive threat hunting expertise and can think like a hacker.
The survey, produced by CyberScoop and underwritten by Raytheon, suggests that to meet the demand for qualified expertise, IT leaders are exploring a larger role for artificial intelligence (AI) on the cyber battlefield and turning to outsourcing as a solution.
About two-thirds of industry executives surveyed (64 percent) reported their organizations are investing 10 percent or more of their 2018 cybersecurity budget on AI technology. Government is lagging behind with only 34 percent of respondents indicating their agencies are investing in AI technology.
“Roughly half of respondents in every sector are outsourcing more than 20% of their cybersecurity work,” said Mark Orlando, chief technology officer in cyber protection solutions at Raytheon. For organizations “selecting the right partners becomes a key part of the IT security strategy.”
The report found that government IT leaders consistently rated their organizations lower than their counterparts in industry concerning their agility to respond to cyberthreats. Six in 10 government respondents rated their organization as average or below average in being able to proactively hunt for threats, compared to just 3 in 10 industry IT respondents.
This study is the first of its kind to compare proactive cybersecurity practices across multiple industries and government, according to Wyatt Kash, senior vice president for content strategy at Scoop News Group, which conducted the study for CyberScoop. The study surveyed pre-qualified IT leaders from the financial, health care, energy, technology and transportation sectors and the federal government about their cybersecurity capabilities, needs and strategies in addressing emerging cybersecurity threats.
Among other findings, it showed that “industry organizations are outpacing government in their agility to use proactive threat hunting practices to address emerging cybersecurity threats,” he said.
The report breaks out results by individual sector and compares how respondents rated their organization’s ability to detect, respond and prevent. Financial, technology and transportation sector respondents, for example, rated their organizations more capable of detecting, responding and preventing cyberattacks than respondents in the energy, health or government sector.
When it came to partnering with third party security services, respondents across all sectors said the top factors in their selection including 24/7/365 monitoring a detection capabilities, cost and price, and a provider’s capabilities to hunt for threats proactively.
The study, “The Quest for Proactive Threat Hunting Capabilities,” was based on the responses of 251 pre-qualified executives with IT and cybersecurity responsibility.
This article was produced by CyberScoop and underwritten by Raytheon.