News Stay informed about the latest enterprise technology news and product updates.

What keeps information security professionals up at night?

Based on a recent Unisys study, find out what's really keeping your infosec colleagues up at night.

What do information security professionals consider the biggest threat to their systems and businesses? According to a recent study commissioned by Unisys, the issue most responsible for disrupting the sleep of top security executives is employee negligence or abuse of data warehouses or systems (97%). Insufficient resources to get the job done right (90%) is a close second.

Surprisingly, only 70% indicated that a catastrophic attack on IT infrastructure, including sophisticated viruses and expert hacker penetration was of most concern. Each respondent was asked in personal interviews to list up to five top issues in ascending order, higher percentages indicate a more frequently recognized issue.

Due to the lack of corporate resources, about 73% of participants in the study believed that they didn't have the staff to secure known security holes. About 80% of respondents said that outsourcing IT and data management activities to reduce costs created additional infosecurity risks that weren't being managed adequately.

The in-depth survey of 34 infosecurity professionals with direct responsibility for IT security services in their organizations revealed frustration with the lack of funds for preventative security measures. Some commented that the lack of resources causes them to make tough allocation decisions that may leave the company's critical infrastructure vulnerable.

Some of the greatest strains to the budget include hiring and retention, training and awareness programs, keeping up with new tools that might enhance security controls and implementing privacy safeguards.

These security professionals shared information security practices that they believe are key for complex business organizations.

  • Integrate information security management with the company's privacy, corporate compliance and internal audit initiatives.
  • Designate that the CISO report directly to senior management with periodic update reports to the CEO or board. Information security must be owned by a member of senior management to get enough budget authority to get the job done "right." Decentralized IT infrastructure in many companies makes it important to have employees in various autonomous IT units own responsibility for information security management.
  • Introduce enabling technologies that help prevent common threats to data security and privacy. While new technologies in perimeter control, connectivity and authentication could be of enormous value in mitigating security risks, many aren't being used due to limited time and budgets.
  • Create the best possible training program. Employee negligence is a major factor of serious security breaches. Teaching employees the "dos and don'ts" of information security can infuse the company with a culture that promotes personal accountability for safeguarding information and IT equipment.
  • Conduct vigorous internal monitoring of information security process and controls. Respondents acknowledged the importance of keeping a vigilant eye on the IT and data management infrastructure and of third-party audits, including the early identification of serious security holes and potential regulatory compliance breaches.

    Despite numerous challenges to maintaining security, participants also believe senior management is becoming more sensitive to security risks. Further, there is the growing realization that superior privacy practices can build trust and enhance the organization's reputation in the marketplace. As a result, security professionals are hopeful that they can turn today's security and privacy threats into tomorrow's business opportunities.

    About the author
    Larry Ponemon is chairman and founder of the Ponemon Institute, an organization focused on the development of privacy audits, privacy risk management and ethical information management. For more information about the Unisys Information Security Tracking Study, please contact the Ponemon Institute at

  • Dig Deeper on Emerging cyberattacks and threats

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.