Cybersecurity a top area of concern for IT leaders, but organizational preparedness lags

The 2018 Society for Information Management (SIM) IT Trends Study finds that organizations are only "moderately ready" to handle cybersecurity-related threats and issues.

On average, organizations are only “moderately ready” to handle cybersecurity-related threats and issues, according to the 2018 Society for Information Management (SIM) IT Trends Study, which was released Wednesday.

This was the first year that the survey, which has been conducted since 1980, asked respondents to evaluate their overall cybersecurity readiness. The average score was slightly above neutral -- signaling abundant room for improvement in organizational cybersecurity practices. Cybersecurity readiness was found to be slightly
higher at organizations with a Chief Information Security Officer (CISO) than in those without, however only 45.5% of organizations reported having a CISO in 2018. These findings are in stark contrast to the fact that cybersecurity remains as the single most worrisome IT issue for organizations for the second year in a row.

This year, IT executives -- including 495 CIOs -- at 793 organizations participated in the survey. Total revenue for the participating organizations is more than $4.5 trillion, which represents about 23% of the $19.4 trillion U.S. GDP. Collectively, these organizations are expected to spend about $267 billion on IT in 2018.

Results from the study also re-affirm that the IT job market is quite strong -- turnover of IT personnel increased 12.3% from 2017 to 8.2% in 2018. While overall, the average number of full time IT employees is up 3.9% from the prior year. Further, organizations expect IT hiring to rise in 2019 with 75% of organizations projecting
the number of FTEs to increase next year.

For IT leadership within organizations, the survey found that more than 80% of CIOs came to their current position from an outside organization and more than 26% of CIOs entered their position from a previous non-IT position. CIO tenure continues to lengthen and time spent interacting with C-suite executives continues to rise -
- demonstrating that the role of the CIO is becoming more strategic and complex over time.

“The job of CIO is arguably the most challenging of all,” said Leon Kappelman, primary investigator of the study and chair of the Information Technology and Decision Sciences Department at the University of North Texas’ College of Business. “Being a CIO requires operational, organizational, and strategic management capabilities in order to fulfill the promise of digital transformation, deliver business analytics and innovation, mitigate cybersecurity threats, and cope with skill shortfalls, new regulations, and cost-cutting pressures.”

“The facts that CIO tenure is up and they are spending more time with their C-suite peers tells me that many
CIOs are succeeding and are highly valued members of the top management team,” Kappelman added.


About the Methodology:
Since 1980, the Society for Information Management (SIM) has conducted a survey of its members to identify
IT management concerns and to better understand who IT leaders are, how they manage, and what they do. The
2018 study gathered 1,295 responses from 793 unique organizations. A preview of this report will appear in the December 2018 issue of the MIS Quarterly Executive and an edited report will appear in the March 2019 issue.

About the Society for Information Management (SIM):
The Society for Information Management (SIM) ( is the world’s premier organization for IT
leaders. Since 1968, SIM has inspired the minds of the most prestigious IT leaders in the industry -- including
CIOs, senior IT executives, prominent academicians, consultants, and other IT leaders. Today, SIM is
comprised of almost 5,000 members who come together to share, network and give back to their communities
through the collaboration of SIM’s 44 local chapters.