As security leaders know, the threat landscape is constantly evolving. As social, economic and political situations change, organizations must face the threats and risks that follow. The current threats concerning chief security officers (CSOs) in 2023 were analyzed in a recent report by Allied Universal.

The report found that 47% of CSOs cited economic unrest as a concern in the coming 12 months. Ninety percent of respondents said cyber threats that threaten physical security systems are challenging to operations, and 88% of chief security officers said company leaders are more concerned with cybersecurity than physical security threats.

CSOs anticipate that economic unrest will be the greatest security-impacting hazard to affect their operations over the next 12 months, cited by 47% of respondents. Thirty-five percent of CSOs anticipate a threat in the next year, up from 31% in the last 12 months. There is also an increase in threats expected from disruption of energy supplies. According to the report, the threat from war and political instability is also likely to increase, with 32% anticipating a threat, up from 25% in the last year.

Climate change is expected to be the second most likely security-impacting hazard, reported by 38% of participants in the next 12 months. More than one-third (34%) of CSOs confirmed their company has experienced a security hazard due to climate change.

Pandemics were cited by 42% of respondents as biggest security-impacting hazard last year, a hazard that is expected to recede in the next year. It is the hazard that most correlates with implementing more effective security — meaning it was the hazard most likely to drive companies to improve their security, according to the report.

The report found that people skills in frontline security professionals are more important than physical attributes of strength for nine out of 10 respondents. Global companies recognize the value of highly skilled and intelligent security professionals protecting their most important assets, with 94% saying the ability to speak multiple languages and 96% saying a higher education degree are important for a frontline security professional.

Twenty-five percent of publicly-listed companies reported a drop in value following an external or internal security incident over the last year. The two threat actor groups that caused the most security incidents over the previous 12 months were subversives — hackers, protestors, or spies — and economic criminals, where 39% of respondents reported experiencing threats from both groups.

Nine in 10 respondents said their company experienced some form of internal threat in the last year.

Find out more here.

Even with increased automation, an organization’s cybersecurity strategy is only as strong as its employees. According to a Fortinet report, 84% of surveyed security leaders experienced one or more breaches in the past 12 months, up from 80% in 2021. Twenty-nine percent had five or more intrusions versus 19% the previous year, and 48% suffered breaches in the past 12 months that cost more than $1 million to remediate, up from 38% in 2021.

The report found that 81% of cyberattacks were in the form of phishing, password and malware attacks. Sixty-five percent of the survey respondents expect the number of cyberattacks to increase. North American respondents expect a 25% increase in attacks over the next year. Respondents in Europe, the Middle East and Africa expect a slightly lower increase at 17%. Because of this, organizations are looking for ways to increase their cybersecurity preparedness. This includes communicating with executives and attempting to hire additional security personnel, since 68% of organizations indicate they face additional risks because of cybersecurity skills shortages.

Ninety-three percent of respondents indicate their board asks about cybersecurity, up from 88% in 2021. In 2022, 83% of boards suggested increasing IT security headcount, compared to 76% in 2021. The report found that 93% of leaders believe their organization is doing everything it can to deal with increasing attack volumes.

One of the ways organizations are working towards this is by hiring based on security certifications. Ninety percent of leaders prefer to hire individuals with technology-focused certifications. Eighty-two percent indicate that their organization would benefit from cybersecurity training in the form of certifications, and 75% indicate that their organization would benefit from security awareness and training for all employees.

Nearly all leaders (95%) with certifications themselves or who have a certified employee on their team have experienced positive results. Seventy-two percent indicate increased cybersecurity knowledge and 62% indicate better performance of duties. Fifty-five percent indicate that certification has sped up their career growth, and 47% indicate higher salaries, up from 29% in 2021.

In addition to looking for certifications, security leaders have worked to increase diversity within the field. Approximately 40% of respondents report difficulty finding qualified candidates who are women, military veterans, or from minority backgrounds. Eighty-three percent of organizations have near-term diversity hiring goals, down from 89% in 2021. Thirty-seven percent of respondents indicate network security roles are hardest to fill, while 32% indicate software development roles are hardest to fill. The majority (54%) indicate retention is also a challenge.

Find out more here.