Though governments around the world have made an effort to establish national cybersecurity strategies, 66 percent of cybersecurity professionals said that those strategies were incoherent or incomplete, according to a survey conducted by the Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA).
“Unfortunately, many government cybersecurity strategies remain nebulous at best—at least within the cybersecurity professional community,” Jon Oltsik, ESG senior principal analyst, wrote in the survey.
Despite the lack of clarity from governments, the survey also found that a majority of cybersecurity professionals want their governments to be more active in cyber strategy, with 57 percent wanting their government to be significantly more active and 32 percent saying that they should be somewhat more active.
“Government programs may be unclear and incomplete, but that doesn’t mean they are unwelcome. In fact, the ESG/ISSA data reveals that the opposite is true,” Oltsik wrote.
When it came to specific areas of involvement, 54 percent of those surveyed wanted more cyber information sharing with the private sector, 44 percent wanted incentives like tax credits for improving cybersecurity, and 43 percent said that the government should provide funding for cybersecurity training and education.
“Simply stated, these findings represent an existential threat. How can we expect cybersecurity professionals to mitigate risk and stay ahead of cyber threats when they are understaffed, underskilled, and burned out?” Oltsik said.
The survey also encouraged businesses to make an effort to lobby government for greater cybersecurity involvement and incentives.