Antone Gonsalves

IT security pros lack confidence in preventing cyber attackers from stealing high-value data and say upper-management lacks an understanding of the potential losses, a global study shows.

The findings of the survey, sponsored by Websense and conducted by the Ponemon Institute, point less to a need for technology and more to a lack of shared intelligence on cyber threats and poor communications between security pros, CEOs and board-level executives, Jeff Debrosse, director of security research for Websense, said.

The survey of nearly 5,000 IT security pros in 15 countries, including the US, found roughly six in 10 convinced the organizations they worked for were not adequately protected against advanced cyberattacks. About the same percentage felt the same when it came to stopping the theft of confidential data. The lack of confidence is expected, given that no security products are capable of building an impenetrable wall against attacks, Debrosse said.

To bolster confidence, security pros should share attack intelligence to get a better understanding of their foes and how to defend against them. However, progress towards more information sharing between organizations has been slow, due to fears that rivals would use the data for competitive advantage, experts say. Government information is also hard to get due to fears of compromising national security. Instead, most private data shared today is between large organizations within single industries.