– Almost half of security organizations are not involved in software development, and security is not among the most important factors when considering an outsourcing provider for software development, yet 69 per cent reported application vulnerabilities as their top concern.
– 63 per cent of banking, insurance, and finance respondents selected damage to the organization’s reputation as a top priority. In healthcare, 59 per cent chose customer privacy violations as a top priority. 57 per cent of construction respondents chose health and safety as a top priority, and 50 per cent of telecom and media respondents chose service downtime as their top priority.
– 28 per cent of respondents believe their organizations can remediate the damage from a targeted attack within a day, and 41 per cent said that they could remediate the damage within one week or less. A good portion of the respondents said they don’t know how long damage remediation may take. With regard to being prepared for a security incident, the percentage of respondents in the 2013 survey who believe their readiness has worsened in the past year is twice that of the 2011 survey.
– Nearly 70 per cent view certification as a reliable indicator of competency when hiring. Almost half of hiring companies – 46 per cent – require certification. 60 per cent of those surveyed plan to acquire certifications in the next 12 months, and ISC²’s CISSP is still the top certification in demand.
– Information security professionals are enjoying stable employment. Over 80 per cent of respondents reported no change in employer or employment in the last year, and 58 per cent reported receiving a raise in the last year. The number of professionals is projected to grow steadily worldwide by more than 11 per cent annually over the next five years. The global average annual salary for ISC²-certified professionals is US$101,014, which is 33 per cent higher than that of professionals not holding an ISC² certification.