• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Worse than Ransomware? CISOs Share their Biggest 2018 Concern

Data breaches, cyber attacks, ransomware – these things undoubtedly weigh heavily on the minds of modern day CISOs, but not as heavily as one might think. All three of those perennial hot button issues fell short of the top spot in a recent study by The Ponemon Institute of the biggest concerns security and technology executives have for 2018. Instead, the thing they’re most worried about is already in the house, to borrow a classic horror movie trope.

An overwhelming 70% of CISOs surveyed admitted to being concerned about a lack of competent in-house staffers. Those doubts about the security capabilities of the members of their teams rear their head time and again on this survey. Rounding out the rest of the top five in terms of CISO concerns are:

  • Data Breaches (66%)
  • Cyber Attacks (59%)
  • Inability to Reduce Employee Negligence (54%)
  • Ransomware (48%)

Elsewhere in the study, CISOs were asked to predict how their employers’ 2018 would play out. Once again, pessimism regarding staffers reared its head. Nearly two-thirds (65%) said: “A careless employee falls for a phishing scam that results in credential theft.” That answer came up more often than “A significant disruption to business processes caused by malware” (61%) and “significant downtime” caused by cyber attacks (59%).

Business takes a turn for the less secure

Perhaps the most troubling thing in all of this is that security pros seem to feel the business is moving in the wrong direction. Ponemon’s research also found that more than two-thirds (67%) of CISOs believe their organizations are more likely to be victimized by a data breach or cyber attack in 2018 than they were previously.

Among those organizations who feel more likely to be breached, the finger was once again pointed at staffers. Nearly two-thirds (65%) of those surveyed felt their business’ lack of “in-house expertise” is what would come back to bite them in the form of a 2018 data breach. Interestingly enough, further down that same list of potential data breach causes, was an answer that might also shed light on a possible reason for that lack of in-house expertise. Roughly 36% of leaders said their employer isn’t “providing enough training to prevent negligent behavior such as falling for a phishing scam or sharing passwords.”

These findings correlate with Arraya’s own research on the topic. At our Open House last year, we polled IT professionals from across the Mid-Atlantic region about their most painful security challenges. Any guess as to what took the top spot? Once again it was employees. Just under half of our respondents in our poll (46%) said their top challenge was “Protecting my employees from themselves while maintaining productivity and innovation.”

Next Steps: Overcoming security pessimism

It’s easy to come away from Ponemon’s survey – and our own – feeling pessimistic about the state of cyber security today. However, that negativity doesn’t have to be the reality CISOs and their employers contend with this year.

Arraya’s Cyber Security Practice can help position businesses for the cyber security realities of this year and beyond. We can provide training and awareness programs to transform staffers from a security liability into a reliable first line of defense. In addition, through our Managed Services team, we can supplement those staffers with additional hands-on cyber security expertise. Our team can manage and monitor every part of a business environment, alerting organizations to threats, deploying patches, and identifying trouble spots before they can do damage.

To learn more about how Arraya’s Cyber Security team can help your business plan, protect, and prevail against evolving threats, visit: https://www.arrayasolutions.com//contact-us/. We can also be found on social media: LinkedIn, Twitter, or Facebook. Feel free find and follow us on any or all of those sites so you can comment on our blog posts. You’ll also be the first to know about our latest industry insights, exclusive educational opportunities, and more.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}