
Communications of the ACM


Cybersecurity: Is It Worse than We Think?


Cybersecurity consistently receives significant attention, pressuring organizations to take precautionary steps to prevent incidents and data breaches. Numerous surveys are published each year by reputable organizations such as Deloitte, Verizon, The Ponemon Institute, and ISACA to get a better sense of what organizations are doing in response to these pressures. The general attitude is that threats evolve quickly and many organizations struggle to keep up.[5] Much of the data available on this subject comes directly from cybersecurity professionals, which provides legitimacy to the findings. However, it also represents a somewhat biased sample in that responding organizations have already committed resources to tackling these complex issues. Further, there is limited analysis of how individual organizations are changing over time, as such reports typically provide industry-level observations. We seek to complement the myriad security research notes by investigating specific cybersecurity practices within organizations to evaluate where organizations are showing improvement, where they are stagnant, and what may be influencing these changes. Our results confirm that cybersecurity continues to receive attention on the surface, but looking beyond surface-level impressions reveals a surprising lack of progress.


Peeling Back the Layers

Each year, the Society for Information Management (SIM) conducts the IT Trends Study, an extensive survey of CIOs and top IT executives to evaluate IT practices within organizations.[1] Organizations come from 30 different industries and vary in size, with an average revenue of $4 billion and a median revenue of $400 million. A hallmark of the study is the annual ranking of "organizations' Top IT management Issues" where respondents are asked to select up to five IT-related issues from a list of 41 that are the "greatest concerns to their organization." Cybersecurity has been in the top 10 for a decade and was the top concern for the last three years, signaling that organizations are more worried about cybersecurity than any other IT concern. However, the percentage of organizations selecting cybersecurity was only 41.9% in 2017, 38.3% in 2018, and 35.9% in 2019, suggesting a reality where a relatively small percentage of organizations treat it as a top concern.

