Threat actors are not only increasing the frequency of their cyberattacks, they are constantly working to evolve their techniques to capitalize on unsuspecting end users and unpatched software alike. A recent study conducted by Oracle asked policy makers, C-Suite executives about their insights regarding cyberthreats, and their opinions on how to address them.
After crunching the data, the researchers found that most of the C-Suite executives and policy makers surveyed believe in the need to invest in security software, infrastructure and emerging technologies is critical to protecting data in the United States from growing cybersecurity risks.
The report, “Security in the Age of AI” details the views and actions of C-Suite executives, policy makers, and the general public related to cybersecurity and data protection.
When asked what would make the U.S. government better equipped to secure data, 51% of C-Suite executives and 62% of policy makers cited investing in IT/security infrastructure; 59% of the C-Suite and 60% of policy makers cited investing in security software. When it comes to their own security investments over the next 24 months, 44% of executives and 33% of policy makers plan to purchase new software with enhanced security; and 37% and 25%, respectively, plan to invest in newer, more secure infrastructure solutions.
Additionally, both C-Suite executives and policy makers view “human error” as the top cybersecurity risk for their organizations. However, in the next two years, they are choosing to invest more in people—via training and hiring—than in technology, such as new types of software, infrastructure, and artificial intelligence (AI) and machine learning (ML). This is interesting as these technologies are deemed essential for not only advancing security, but also significantly minimizing human error. Only 38% of C-Suite executives and 26% of policy makers plan to invest in AI and ML to improve security in the next 24 months.
“We are at a critical juncture in our cybersecurity journey, as more decision makers in the public and private sector recognize the benefits of investing in next-generation technology designed for security to make progress on addressing previously intractable threats, instead of relying solely on people or legacy technology,” said Edward Screven, Chief Corporate Architect at Oracle. “That said, there is a delta between what C-Suite executives and policy makers think is best for America’s cyber future and the actions they are taking for their own organizations, indicating a greater need for business and government to understand how and why next generation technologies are so critical for their own cyber defenses.”
Queried about what their organization has done over the past five years to improve security, both C-Suite executives and policy makers said they had upgraded existing software (60% and 52% respectively) and trained existing staff (57% and 50% respectively). Just over half (54%) of C-Suite executives and 41% of policy makers have purchased new software with enhanced security features, with 40% of C-Suite executives and 27% of policy makers having invested in new infrastructure solutions.
Industry Reponsibility in the Face of Cyberthreats
As for their perceptions of the greatest security threat to the technology industry, attacks by foreign governments was ranked highest by respondents (C-Suite 30%; policy makers 37%). Seventy-eight percent of C-Suite executives, 75% of policy makers and 64% of the general public believe the technology industry is well equipped to protect data. Additionally, 79% of C-Suite executives and policy makers, and 64% of the general public trust the technology industry to behave responsibly and in the best interests of the American public, as it relates to data security. Interestingly, only one in three C-Suite executives (34%) and policy makers (32%) think it is the government’s responsibility to protect consumer data, highlighting the critical role the technology sector plays in keeping U.S. data protected.
“While the government has an important role to play in keeping America’s data safe, today’s increasingly dangerous cybersecurity landscape means it can’t be expected to out-innovate attackers on its own. That’s our job,” said Screven. “The U.S. government and businesses will need to rely on the technology sector more to advance the nation’s cyber defense. We can build data centers, hire talent and secure data at scale more efficiently than any one individual customer can.”
Impacts of Artificial Intelligence on Security
Only 33% of C-Suite executives and 20% of policy makers adopt and implement AI and ML to its fullest potential, yet they strongly believe autonomous technologies powered by AI and ML will improve the way they protect and defend against security threats.
“For the past several years, our R&D efforts have been focused on ways to out-innovate the most sophisticated security threats we could imagine. That’s why Oracle Cloud Infrastructure was rebuilt with separation between application and security processing and designed to run the Oracle Autonomous Database. The Oracle Autonomous Database uses AI to deliver the world’s first and only self-driving, self-securing and self-repairing database that repairs, patches and updates itself,” Screven added. “These and other Oracle cloud security technologies based on machine learning can become the cornerstone of an organization’s cybersecurity defense strategy.”
In addition to benefiting the state of data security in the U.S., the majority of C-Suite executives (88%), policy makers (89%) and the general public (77%) believe autonomous technologies will positively impact the U.S. economy, with “increased productivity” cited as the top benefit.
About the Report
Oracle commissioned technology sector researchers Paradoxes Inc. in the Fall of 2018 to conduct targeted research with the aim of understanding perceptions of C-Suite executives, policy makers, and the general public on the current state of U.S. cybersecurity. The survey tool was created by an experienced team of technology and policy researchers who have worked in this space for over 20 years. The research was conducted in January and February of 2019 using a 15-minute-long blind online survey directed at parsing respondent’s awareness, engagement, corporate and government trust, and current and future plans with technology security practices. The survey tool did not reveal the commissioning company. Respondents were government policy makers and influencers of various levels located in the U.S. Beltway, enterprise C-Suite executive decision makers—both technology and data focused—and an educated and technologically engaged portion of the general population. The sample consisted of 775 U.S.-based respondents, 341 C-Suite executives (4% margin of error), 110 government policy influencers (8% margin of error) and 324 members of the technologically engaged public (4% margin of error).