How much of an uphill battle are CISOs facing? A pretty big one, at least according to the headlines. There’s no shortage of reports of companies around the world being breached — and those are the public reports — or individuals whose PCs or smart phones are hacked.

Among the latest is retailer Eddie Bauer, which last week warned customers that malware infected its point of sale systems in both Canada and the U.S. at retail stores, possibly compromising payment card information  were affected by malware, enabling unauthorized parties to access payment card data this year up to July 17.

So when Computerworld U.S. asked some experts about the state of cyber security there were no shortage of people who were grim:

–“Companies are worse off by 100% [with cybersecurity] compared to 10 years ago because the world is more complicated now,” Gartner analyst Avivah Litan was quoted as saying.

–“The private sector isn’t doing nearly as much as they should and could be doing with security,” said Patrick Moorhead of Moor Insights & Strategy.

–Jack Gold, an analyst at J. Gold Associates said his research shows organizations on average fall six months behind in providing security patch updates, a delay which doesn’t improve things.

–The optimist in the pack is Robert Westervelt of IDC, doesn’t think things are worse. But, he adds, “It’s two steps forward, and then external factors make you take a step back. It’s a never-ending story. We’re always playing catch up.”

By coincidence, Cybersecurity Ventures — a market research firm owned by Canada’s Herjevec Group — released a report predicting global annual cybercrime costs will grow from US$3 trillion in 2015 to US$6 trillion annually by 2021. Nearly half of all cyber-attacks are committed against small businesses, it adds.

What’s your take as an infosec pro? Are things getting better, worse or staying the same. Let us know in the comments section below.