Black Hat Survey: Nearly 80% of InfoSec Leaders in Europe Foresee Critical Infrastructure Breaches Across Countries in Next Two Years

Posted on November 16, 2017

Research reveals biggest security worries and the impact of Europe’s General Data Protection Regulation (GDPR) and the NIS Directive

Europe’s information security leaders are predicting widespread breaches in the next two years – and they don’t feel prepared to handle them, even with recent government initiatives.

Black Hat’s newest research report, The Cyber Threat In Europe, presents findings from a September 2017 attendee survey of nearly 130 IT and security professionals from more than 15 European countries. The report details major concerns among the InfoSec community, including critical infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements.

Black Hat is the most technical and relevant information security event series, and its attendees are one of the most experienced and highly trained audiences in the world. Of those surveyed for the report, many hold high-level positions within sectors spanning financial services, biotechnology, construction, healthcare, communication, and government.

Who is a Threat to Europe’s Critical Infrastructure?
Almost half of the respondents cite a foreign power (terrorist organization, rogue nation or large nation-state) as the primary threat to Europe’s critical infrastructure. 42% also say that cyber espionage by major nation states like Russia and China, and attacks by rogue nations such as North Korea, pose the biggest threat. Most respondents are primarily worried about a multi-country breach rather than a critical infrastructure breach limited to their own country. These fears are heightened as a result of previous events, including the 2015 and 2016 Ukraine power grid attacks.

What Role are the NIS Directive and GDPR Requirements Playing?
Only 11% believe that implementing the NIS Directive – the first Europe-wide legislation on cybersecurity – will make Europe’s critical infrastructure more secure. Meanwhile, nearly 40% believe that a lack of required skills is the primary reason why security strategies fail, and the shortage is only being exacerbated by GDPR requirements at many organizations. Another 34% believe that implementing GDPR will add to the IT workload and budget, but won’t have a major impact otherwise.

Why Are Organizations at Risk?
A troubling 65% of the respondents believe that they will have to respond to a major security incident within their organization in the next 12 months. Driving this thought is a lack of budget and staffing. Nearly 60% of the respondents say they do not have enough of a security budget to mount an adequate defense, while 62% say they do not have enough security staff to defend against modern cyber threats. Additionally, 62% fear that enterprise data in Europe has become less secure because of recent activities in Russia and China. 42% believe that European law should be changed so enterprises can take offensive action against attackers, suggesting that professionals are frustrated over the ability of attackers to go unscathed while governments grapple over questions of attribution and proportional response.

Download the Full Research Report
These findings are an urgent call to planners in government and industry to adequately fund cybersecurity initiatives and ensure that regulatory mandates and compliance efforts are properly aligned with security imperatives. For actionable insights and more information related to these critical industry trends and findings, download a copy of The Cyber Threat In Europe, here: blackhat.com/latestintel/11142017-november-14-2017-attendee-survey.html

Black Hat Europe 2017: December 4–7, London, UK
Drawing from this compelling research, Black Hat will host some of the brightest minds in the InfoSec community at Black Hat Europe 2017. The event will feature a robust program, spanning everything from smart grid and critical infrastructure vulnerabilities to mobile attacks, applied security, machine learning, and more. The event will take place December 4-7 at the EXCEL London, in London, England. For more information and to save €200 on your briefings pass by December 1, please visit: blackhat.com/eu-17