Despite a near constant barrage of news stories about cyber-espionage and cyber-attacks, business and government remain woefully behind the curve in instituting adequate safeguards. Meanwhile, threats grow and the risks multiply. According to the World Economic Forum, only about 30 percent of organizations discuss cyber-resilience at the board level. An Ernst & Young 2012 Global Information Security Survey found that 26 percent of organizations have given responsibility for information security to the CEO, CFO or COO. What’s truly disturbing is that many organizations are becoming more complacent, according to “Threat Horizon 2015,” the latest in a series of reports from the Information Security Forum (ISF), a global independent information security body. The organization recently examined the evolving state of cyber-security and discovered several key themes, including growing attacks on reputations, the increasing value of information in the hands of criminals, a growing challenge of understanding threats and risks, rapidly changing technology and a misunderstanding of government’s role in cyber-protection. “This year’s report found a number of familiar offenders, such as organized cyber-crime, social engineering, mobile devices, social networking, cloud computing and malicious software,” says Steve Durbin, global vice president of ISF. “What’s new this year is the increasing sophistication of these known threats as they mature.” Here are some of the key findings from the ISF report.