New Black Hat Survey Reveals Rising Cybersecurity Concern: 40% of Information Security Professionals Anticipate a Major Security Breach this Year

Black Hat USA Attendees Note Industry's Significant Skills Gap & Strain on Resources - Topics to be Discussed at Upcoming Black Hat USA 2016 Conference

SAN FRANCISCO, July 14, 2016 /PRNewswire/ -- Black Hat, the world's leading family of information security events, today announces its second annual research report, 2016: The Rising Tide of Cybersecurity Concern, in anticipation of the upcoming Black Hat USA event. The report is based on survey responses from 250 attendees of 2015 Black Hat USA – one of the most security-savvy audiences in the industry – and reveals some critical concerns about the information security industry and emerging cyber risks faced by today's enterprises. For more information and to download the full report visit: blackhat.com/latestintel/2016-attendee-survey.html

In 2015, Black Hat began compiling responses for a survey with the intent to gauge the attitude and plans of some of the most experienced and highly trained cybersecurity individuals – attendees of the Black Hat conference. In just a year, the industry's leading event has recorded significant shifts towards an increased strain on the industry. The most notable trends can be divided into three categories spanning issues related to future threats, a decreasing workforce and neglected spending priorities.

Cybersecurity in Crisis
Security professionals' concerns associated with major breaches have only increased since last year. In 2015, 37 percent of respondents said it was either "highly likely" or that they "have no doubt" that they would face a major breach in the next 12 months; in 2016, that figure has risen to 40 percent. Raising the need for concern, nearly 75 percent of security professionals say they do not have enough staff to defend their organizations against current threats. 63 percent directly relate this to a lack of budget.

The Deepening Skills Gap
There is no question that the shortage of skilled security professionals has become one of the most critical problems facing organizations today. 72 percent of organizations say they do not have enough staff to meet current threats. 37 percent say a shortage of qualified people and skills is the primary reason why security strategies and technologies continue to fail in today's industry. Alarmingly, more than two thirds of security pros (67 percent) say they, themselves do not have enough training to handle current threats.

Security Spending's Priorities Gap
Even with the growing fear of future threats and lack of skilled professionals in the field, the gap between security professionals' primary concerns and their dedicated expenditures is widening. Organizational priorities such as compliance and risk measurement consistently reduce the time/budget available for security professionals to resolve issues they consider the most critical. These pressing issues include targeted attacks, social engineering, and internal application security troubleshooting. Although the 2015 report revealed this trend, rather than a reverse in expenditure behavior, the issue has continued to increase.

Additional Key Findings

  • 37 percent see the re-emergence of ransomware as the greatest new threat to appear in the last 12 months
  • The attacker that 36 percent of security professionals fear most is the one with internal knowledge of the organization
  • While the emergence of the so called Internet of Things (IoT) has garnered much attention in recent years, only 9 percent of those surveyed are currently concerned with IoT security. However, 28 percent believe this will be a concern two years from now. This ranking has not altered since 2015.

Download the Full Research Report
The survey results indicate a pressing and immediate need to rethink the current enterprise IT security model. Top concerns are changing – and the structure of resources, staffing and budget should follow suit. For actionable insights and a glimpse into the most pressing concerns in the years to come, download a copy of 2016: The Rising Tide of Cybersecurity Concern by visiting:blackhat.com/latestintel/2016-attendee-survey.html

Black Hat USA 2016: July 30 – August 4, Las Vegas
Following the release of its new report, Black Hat will host some of the brightest minds in the InfoSec community at Black HatUSA 2016. The event will feature an extensive educational program, spanning everything from mobile hacking to critical infrastructure vulnerabilities, research on the largest automakers and government/state-sponsored attacks. The event will take place July 30 – August 4 at the Mandalay Bay Convention Center in Las Vegas. For more information and to save $300 on your briefings pass by July 22, please visit: blackhat.com/us-16/  

Media can request a complimentary media pass here: blackhat.com/us-16/media-registration.html 

Connect with Black Hat

Future Black Hat Dates and Events

  • Black Hat Europe 2016, Business Design Centre, London, England, November 1-4, 2016
  • Black Hat Asia 2017, Marina Bay Sands, Singapore, March 28-31, 2017

About Black Hat
For more than 18 years, Black Hat has provided attendees with the very latest in information security research, development, and trends. These high-profile global events and trainings are driven by the needs of the security community, striving to bring together the best minds in the industry. Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. Black Hat Briefings and Trainings are held annually in the United States, Europe and Asia.  More information is available at: blackhat.com. Black Hat is organized by UBM Americas, a part of UBM plc (UBM.L), an Events First marketing and communications services business. For more information, visit ubmamericas.com.