The Security Leadership Research Institute (SLRI) regularly conducts single-question quick polls, called Security Barometers, to informally take the temperature of the security community on specific issues and topics. While these polls don't provide the detail of the SLRI's broader, more rigorous studies, they can help us spot and monitor growing trends.
One Security Barometer topic has been revisited, with only slight variation, seven times in the last 10 years. It asks respondents to choose their top security risk from a provided list, and at the end, it leaves space for additional comments. We recently compiled the submitted comments from those seven surveys to see how their tone and topics shifted or stayed consistent over time.
Here's what we found.
- The insider threat has been a persistent and continuing concern. Each survey, multiple individuals take the extra time to note the importance of this risk, many saying that if they could choose two equally high risks, the insider threat would have been one of them. One respondent in 2012 simply put it this way: "The internal bad actor is my greatest concern/fear."
- Comments show a movement over time toward consolidating insider threat and cyber threat as a combined consideration. It's worth noting here that cyber security is beyond the purview of many of the individuals to whom these polls are targeted, but it still ranks as the #1 risk in every comparable year. Cyber crime spans the gaps between industries and organization sizes to become a universal issue, and as one respondent noted, it also triggers some of the survey's other risk options – business disruption and supply chain issues, for example.
- In the more recent years of the survey – 2019 and 2021 – the comments show an increased pushback against the survey's request to choose one top risk. As one respondent said, "There are so many changing dynamics that could result in a major security incident - selecting one top risk among the choices offered above may skew the picture of the risk landscape." We can hope this pushback corresponds with an increased tendency among security professionals to look for a holistic, unified approach to security – an all-hazards approach – rather than focusing on a narrower risk picture.
- The 2015 and 2016 survey comments included multiple statements about the threat of terrorism. This focus ebbs in later survey comments and is entirely absent by 2021. It's possible that current events impacted these trends. 2015 and 2016 saw the Paris bombings, Charlie Hebdo, the Charleston church shooting, and the mass shooting at the Pulse nightclub. Interesting to note that domestic terrorism is a top FBI concern in 2021, and the January 6 attack on the Capitol had already occurred when that year's survey was conducted, yet terrorism comments did not appear in comments this year.
- There's a consistent focus in comments throughout the years on the challenges of protecting people – most frequently from angry outsiders or coworkers (work place violence/mass shooters). This concern is pressing and present in comments on every one of the seven surveys.
- While only 2% of respondents listed talent shortage as the top threat in 2021, several respondents brought it up in the comments. One wrote "Talent shortage across the enterprise. Causing low morale, excess overtime and increasing the risk of insider threat." This may be a growing area to watch as employee shortages continue due to COVID-19.
Quick polls can give us limited insight into trends in the industry. To participate in our more in-depth research, and to gain the benefits of full participation, visit the Security Leadership Research Institute