IT pros obsessed by cyberattacks take eye off security ball

Gartner says tech staff are so worried about fighting cyberattacks they risk making reactionary and highly emotional choices

Technology professionals are so concerned about the threat of cyberattacks that they could be led to make "reactionary and highly emotional" decisions about the rest of their security estate, according to Gartner.

The analyst's Global Risk Management Survey says that the publicity around cyberattacks and data security breaches has increased awareness of the problems among tech staff to such a degree that they risk losing focus on enterprise risk management and other security issues.

"This shift in focus is driven by what Gartner analysts refer to as fear, uncertainty and doubt, which often leads to reactionary and highly emotional decision making," said the analyst.

"While the shift to strengthening technical security controls is not surprising given the hype around cyberattacks and data security breaches, strong risk-based disciplines such as enterprise risk management or risk-based information security are rooted in proactive, data-driven decision making."

Its survey found that this year only six per cent of respondents said they were focused on enterprise risk management, compared to 12 per cent last year. Gartner warned that this trend needs to be reversed soon or organisations could be at risk.

"An inevitable shift in focus back to these risk-based disciplines will need to occur," it said. "If not, IT organisations may find that more critical, emerging risks will remain undetected, and the company as a whole will be left unprepared."

Despite fear of cyberattacks potentially sparking rash security decisions, Gartner added that it could be good for CISOs' budget.

It said that 39 per cent of its survey respondents had been given extra cash from the powers that be to deal with the problem, up from 23 per cent back in 2011.