Survey: One Quarter of Healthcare IT Security Pros Cite Little Confidence in Ability to Manage Digital Threats | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Survey: One Quarter of Healthcare IT Security Pros Cite Little Confidence in Ability to Manage Digital Threats

August 23, 2017
by Heather Landi
| Reprints

A recent survey of IT information security decision makers found that 68 percent of respondents have, at best, only modest confidence in their ability to manage digital threats, and a quarter of healthcare information security decision makers cited little to no confidence in their ability to assess digital risks.

RiskIQ, a San Francisco-based digital threat management solutions company, released new independent research on the state of digital defense, with the predominant finding being organizations believe their digital transformation efforts have outpaced security capacity. The survey, called the 2017 State of Enterprise Digital Defense Report, includes a range of industries, including healthcare and pharmaceutical, as well as financial services, banking, technology, retail, manufacturing, publishing and media, entertainment and hospitality, and consumer goods.

The research, conducted by IDG Connect, examines the current landscape of digital threats and the maturity of defenses to protect an organization’s digital presence. The findings quantify the security management gap and business impact of external web, social, and mobile threats. Survey respondents included 465 IT information security decision makers in organizations with more than 1,000 employees in the U.S. and U.K.

In conducting the survey, RIskIQ wanted to gauge the levels of confidence in the ability to see near-term improvements in digital security, taking into account future planned investments and activities in regard to resources, intelligence and tools.

About a third of respondents have significant confidence in their ability to improve, but it discovered a very significant number of respondents—about a fifth—that have zero to little confidence that things are on the up.

And over two-thirds (68 percent) have, at best, modest confidence to manage digital threats. What’s more, 69 percent cited no to modest confidence to mitigate or prevent external digital threats, and 70 percent of respondents have no to modest confidence in reducing their digital attack surface, expressing the least confidence in threats against web, brand, and ecosystem assessment.

Respondents in the healthcare and pharmaceutical sector felt particularly at a loss with almost a quarter (24 percent) saying they felt little to no confidence in their ability to assess digital risks, according to the survey findings.

“This suggests that our audience sees only limited opportunity to step up and address current digital threat management challenges given present investment and tool implementation,” the report authors wrote. “While they might well have mature defenses behind the firewall and in the cloud, the results here suggest that maturity needs to be replicated in external threat management with budgets given to stop digital risks and attackers. Certainly, the challenges of discovering, investigating, assessing risks, mitigation and prevention require urgent attention.”

The majority of those surveyed are aware that some of their digital security measures are immature or ineffective, with only 31 percent expressing high confidence in the likelihood that their organizations can mitigate or prevent digital threats—despite all respondents increasing their near-term digital security spend. Over half of survey respondents expect their near-term digital defense investment to increase between 15 to 25 percent or higher. 

“Overall, the survey revealed a bleak outlook of organizations’ digital defense posture, with many enterprise security practitioners overwhelmed by the scale and tenacity of external digital threats and lacking confidence in their processes, systems, and tools. The results were not without shimmers of positivity as organizations expressed a substantive increase in buying tools and managed services. Further region and industry comparative differences are also evident,” RiskIQ wrote.

"While the results were both eye-opening and disturbing, the survey findings and insights should empower corporate leadership and IT security professionals to examine how their organizations are protecting their businesses, customers, and brands, and fortifying digital transformation," Martin Veitch, editorial director at IDG Connect, said in a statement.

The survey found that business digital transformation and the external threat landscape have outpaced enterprise security capacity. According to respondents, an average of 40 percent of organizations experienced five or more significant security incidents in the past 12 months among most cited external threats: malware, ransomware, phishing, domain and brand abuse, online scams, rogue mobile apps, and social impersonation.

The survey findings also indicate that larger companies felt that they were better able to update control systems and collaborate across departments, perhaps showing the benefits of scale. Conversely, smaller companies felt best able to inform others about the status of external attacks, perhaps reflecting the benefits of having a smaller base to worry about.

Across industries, an average of 35 tools are employed to thwart web, social, and mobile threats. Forty-four percent of organizations plan to increase digital defense investment by 15 to 25 percent, and 14 percent will increase tool and service expenditure by more than 25 percent; both U.S. and U.K. have similar spending expectations.

Organizations outsource a third of digital threat management tasks to managed security service providers, and outsourcing will grow by nearly 13 percent CAGR over the next two years, the survey found.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.

Sequoia Project Exec Appointed to HITAC’s Interoperability Task Force

The Sequoia Project’s CIO/CTO, Eric Heflin, has been appointed to the Health Information Technology Advisory Committee’s (HITAC) U.S. Core Data for Interoperability Task Force (USCDI).

Healthcare Orgs Report Improvements in Quality, Cost Using Data and Analytics

In 2017, nearly three dozen organizations ranging in size from small community hospitals to some of the nation’s largest integrated delivery systems documented 125 improvements in quality, cost and efficiency using technology and improvement processes.

Consortium to Promote Implementation of a FHIR Genomics Platform

At this week’s HL7 Genomics Conference in Washington, D.C., a new group was introduced to promote implementation of a FHIR Genomics platform.

Cedars-Sinai Collaborates on Organs-on-Chip Precision Medicine Project

Scientists at Los Angeles-based Cedars-Sinai, in partnership with biotechnology startup Emulate, are pioneering a Patient-on-a-Chip program to help predict which disease treatments would be most effective based on a patient's genetic makeup and disease variant.