- Keeping up with the security needs of new IT initiatives (40%)
- Finding out about IT initiatives/projects that were started with no security oversight (39%)
- Trying to get end users to understand cybersecurity risks and change their behavior accordingly (38%)
- Trying to get the business to better understand cyber risks (37%)
- The overwhelming workload (36%)
- Constant emergencies and disruptions that interfere with primary tasks (26%)
- The fear of getting something wrong (25%)
- Keeping up with internal and regulatory compliance (25%)
- Monitoring the security status of third parties (24%)
- Sorting through the myriad security technologies (17%)