Adobe conducted a first-of-its-kind survey of more than 500 private and public sector cybersecurity professionals in the United States to explore their awareness and understanding of public policy developments and gauge how those public policy developments impact their jobs on a daily basis.
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
2018 Adobe Cybersecurity Survey
1. 2018 ADOBE CYBER SECURITY SURVEY
1
GMUNK
CYBERSECURITY PROFESSIONALS’ INSIGHTS ON PUBLIC POLICY
2. O B J E C T I V E S
In a first-of-its-kind study, we surveyed U.S. cybersecurity professionals to understand
their perceptions of cybersecurity and public policy issues
We explored topics such as:
• What are cybersecurity professionals’ top concerns today?
• What are the most important privacy and security issues for governments to address?
• How prepared do they feel for upcoming cybersecurity policy changes?
2
GMUNK
3. Government and Contractor n=76
Non-government/Private n=452
MOE= ± 4.3%
M E T H O D O L O G Y
AUDIENCE MARGIN METHODSAMPLE SIZE TIMING
Cybersecurity
professionals
nationwide
This report is a result of a U.S. nationwide survey of cybersecurity professionals (manager level or above) at a
variety of different organization types and sizes
Survey fielded
September 5-15, 2017
15-minute
online survey
3
OF ERROR
n=528
GMUNK
5. Q12: How much do you agree or disagree with the following statement?
Q25: In general, how well do you understand how these cybersecurity public policy developments will impact your job?
Cybersecurity professionals say policy has a great impact on their day-to-
day jobs and they understand how upcoming developments can affect
their roles
Agree that
cybersecurity
public policy
affects their job
on a daily basis
85%
Understand how
cybersecurity
public policy
developments
affect their job
90%
Impact of Public Policy on Day-to-Day Job
5
Top 2 Box
6. Q26: How prepared do you think you, your organization and your industry are for upcoming cybersecurity policy changes?
Level of Preparedness for Upcoming Policy Changes
Yet, only 37% feel completely prepared for upcoming policy changes, and
even fewer are confident in industry preparedness overall
Say their
industry is
completely
prepared
Say their
organization is
completely
prepared
37%
Say they are
completely
prepared
36%
28%
6
Top Box Only
7. “Regulations contribute to my company's ability to
protect our assets. We as a company need to be ahead of
the curve on all issues involving cybersecurity.”
– Non-Government / Private
83%
Agree that the
regulations in place are
effective in making
things secure
An overwhelming majority of cybersecurity professionals feel government
regulations have a positive impact on cybersecurity
Impact of Regulations on Security
Q6: How much do you agree or disagree with each of the following statements?
Q13: How does cybersecurity public policy affect your job on a day-to-day basis?
7
Top 2 Box
“Policy tends to be a driving force in how
companies/governments begin to react to various threats either
before, or in some cases after, they begin to show up.”
– Government / Contractor
8. 48%
Follow cybersecurity policy issues very closely
However, less than half of cybersecurity professionals follow public policy
issues very closely
Following Public Policy Issues
Q7: How closely do you follow cybersecurity public policy issues? 8
Top Box Only
9. 45%
Almost all cybersecurity professionals agree that more common standards and
frameworks are necessary
Attitudes toward Common Standards
“The most important issue is how to effectively
share threat information and automatically detect
and mitigate them in real-time as well as how to
motivate organizations to implement best
practices.”– Government / Contractor
“[It’s important to] have some sort of uniform standards and
centralized resource relative to what constitutes a
cybersecurity event and how those issues are reported,
responded to, and resolved.” – Non-Government / Private
Agree that the
information security
industry needs more
common security
standards/
frameworks
92%
Q6: How much do you agree or disagree with each of the following statements?
Q14: In your opinion, what are the most important cybersecurity issues for governments to address?
9
Top 2 Box
10. Q6: How much do you agree or disagree with each of the following statements?
Q13: How does cybersecurity public policy affect your job on a day-to-day basis?
However, compliance is a current pain point for cybersecurity professionals
Agree that regulation
makes organizations
focus more on
compliance than on
security
86%
Agree that their
organization spends
too much of their time
and budget on
compliance
64%
“The lack of direction under regulation
causes us to continually change to try to
stay compliant.”
– Non-Government / Private
“There are often conflicting reports and it is
impossible to get anyone to confirm what
regulation or standard is the one to follow.”
– Government / Contractor
Attitudes toward Compliance
10
Top 2 Box
11. 37%
Respondents believe that modernizing technology is critical to effective
government cybersecurity
Attitudes toward Modernizing Technology
Agree that
modernizing
technology is critical
to effective
government
cybersecurity
96%
“The more archaic our defenses are ... the
easier it is to break them down.”
– Non-Government / Private
“You have legacy systems with users who only
know operational concerns, with no time to bring
systems up-to-date. This alone forces people to be
concerned with more uptime than security.” –
Government / Contractor
Q20: How much do you agree or disagree with each of the following statements?
Q21: What are the greatest cybersecurity risks of not modernizing government technology?
11
Top 2 Box
12. Agree that
transitioning legacy
systems to the cloud
is critical to effective
government
cybersecurity
88%
Cybersecurity professionals agree that transitioning legacy systems to the
cloud is critical to effective government cybersecurity
Attitudes toward Legacy Systems and the Cloud
Q20: How much do you agree or disagree with each of the following statements?
Q21: What are the greatest cybersecurity risks of not modernizing government technology?
“Legacy systems are easier to breach and
have the greatest security vulnerability.”
– Non-Government / Private
“Open vulnerabilities in legacy hardware and
software [are the greatest cybersecurity risks
of not modernizing government technology].”
– Government / Contractor
12
Top 2 Box
13. Q3: How important is it for organizations to have each of the following cybersecurity measures in place?
Q5: And which, if any, of the following cybersecurity measures does your organization have in place?
Cybersecurity professionals say monitoring to detect breaches and protect data
at the file level is important, yet only half have tools in place to do so
Current Practice
88%
Say it is important to monitor
to detect breaches and
protect data at the file level
Currently in placeImportant
49%
Say that monitoring to
detect breaches and protect
data at the file level is
currently in place at their
organization
Monitoring to Detect Breaches and Protect Data at the File Level
13
Percent SelectedTop 2 Box
Importance vs.
14. 14
Automating system patching is another opportunity for more effective
cybersecurity
Q3: How important is it for organizations to have each of the following cybersecurity measures in place?
Q5: And which, if any, of the following cybersecurity measures does your organization have in place?
Say that automating
system patching is
important
80%
Automating System Patching Importance vs. Current Practice
Say that automating
system patching is a
measure that is in place at
their organization
44%
Current Practice
Currently in placeImportant
Percent SelectedTop 2 Box
Importance vs.
15. The overwhelming majority of cybersecurity professionals say critical
infrastructure is important for governments to address
Importance of Cybersecurity Issues for Governments to Address
Q15: How important are each of the following cybersecurity issues for governments to address?
91%
Say that critical infrastructure is
important for governments to address
15
Top 2 Box
16. Respondents are most informed about cybersecurity policy developments at
the federal level
Informed of Recent Public Policy Developments
77%
80%
87% Are informed about
recent federal level policy
developments
Are informed about recent
state level policy
developments
Are informed about recent
international level policy
developments
Q22: How informed do you feel about the latest cybersecurity public policy developments that have occurred over the last six months at the…? 16
Top 2 Box