In a recent survey of IT professionals with cybersecurity decision-making responsibilities, conducted by Kaspersky Lab, 77% of the respondents said their enterprises are likely to be the target of a coordinated cybersecurity attack during the next 12 months.

More important, and much more disturbing, the State of Industrial Cybersecurity 2018 report showed that 48% of the respondents have no cybersecurity incident response plan in place to counteract an attack if and when it occurs. This lack of preparedness exists despite the insistence by the overwhelming majority of respondents–more than three-fourths–that cybersecurity is a critical priority for their enterprise.

SEE: Incident response policy (Tech Pro Research)

The state of cybersecurity

The reasons for this lack of readiness across so many industries and so many enterprises, both big and small, revolve around two related problem areas: cost and personnel.

The upfront cost of implementing a full-fledged cybersecurity system for an organization with internet connected devices ranging from computer workstations to IoT sensors is proving to be a financial burden for many enterprises. While 56% of the respondents to the survey expect to increase spending on cybersecurity during the next year, it is not likely to be enough to close every security vulnerability.

Finding and hiring skilled and qualified personnel in the cybersecurity field is also proving to be a major hurdle for enterprises. Some 58% of the IT pros responding to the survey view hiring qualified cybersecurity professionals as a major challenge to their overall success. The challenge lies in both the search for candidates and in the cost associated with compensating experienced cybersecurity professionals.

SEE: Special report: A winning strategy for cybersecurity (free TechRepublic PDF)

The State of Industrial Cybersecurity 2018 report reveals a difficult truth–establishing an enterprise-wide set of internal controls, security protocols, and employee re-education programs requires a qualified and experienced cybersecurity professional. Finding individuals who have those qualifications and who also match the specific needs of your enterprise is not easy. However, if security really is a critical priority for your enterprise, it must be done.

When looking to establish a comprehensive cybersecurity strategy for your enterprise, the IT audit director plays a key role. Security measures and other IT controls don’t work unless they’re implemented consistently, predictably, and with integrity. This is where a dedicated IT audit director can help. Tech Pro Research, TechRepublic’s premium sister site, offers a an IT audit director hiring kit, which includes a sample job description, interview questions, and a want ad that your enterprise can use to search for qualified candidates.

Your enterprise is very likely to experience a successful cybersecurity breach sometime in the next year. Stakeholders in your company expect you to have a strategic plan and the personnel in place to counteract the damage this attack will cause. If those countermeasures are not in place, you may find yourself, and your enterprise, in an untenable situation.

Also read…

Your thoughts

Are you ready for your next security breach? Share your thoughts and opinions with your peers at TechRepublic in the discussion thread below.