Over the past year, Qualsys has asked our 20,000 newsletter subscribers "What is your biggest business challenge?"
And the results are in.
We can confirm that cyber security was the biggest challenge GRC professionals faced from March 2018 - February 2019.
Kate Armitage, Head of Quality Assurance, said: "Our economies are becoming increasingly digitised and heavily regulated. In just a year, cyber security has shot past ISO certification, leadership engagement and document control to be the single greatest challenge GRC professionals face today."
She added: "That's not to say the other issues have gone away. They are still very real. But there is an overwhelming industry-wide panic to implement formal information security management systems. An increased focus on data management processes, worries over cyber crime, internal GDPR education, privacy impact assessments and information risk / resilience assessments is keeping GRC professionals awake at night."
Kate Armitage: Head of Quality Assurance at Qualsys
The expectation gap
There is a skills and expectation gap when it comes to ownership of information security.
Many GRC professionals don't have the expertise to audit complex new technologies. Without it, they cannot understand the risks and vulnerabilities well enough to engineer robust information security processes.
Leadership, CIOs and CTOs look to GRC professionals to lead the way. However, GRC professionals are really struggling to keep up.
Privacy by Design is taking centre stage in 2019
The ISO 27001 toolkit was the most accessed content on Qualsys’s entire website throughout 2018.
GDPR was the second most popular content. Risk, resilience and business continuity were the third most popular topics.
The Qualsys services team has now built "Privacy by Design" into the system configuration training process.