More than half (58%) of enterprises in the META region have dedicated departments to manage their cyber security, although only 25% of companies of this size have an in-house security operation centre (SOC) responsible for continuous monitoring and responding to security incidents.
At the same time, improving internal specialists’ expertise was listed as the most important reason in the META region to increase the IT security budget over the coming years.
These were two of the findings of a Kaspersky Global Corporate IT Security Risks Survey (ITSRS), which interviewed a total of 5 266 IT business decision-makers across 31 countries in June last year.
Respondents were asked about the state of IT security within their organisations, the types of threats they face and the costs they have to deal with when recovering from attacks.
According to the survey, businesses, and large enterprises in particular, need skilled professionals to protect themselves from ever-evolving cyber attacks.
However, while combining IT and security functions within a single department can be convenient and speed up many processes to this end, this approach also contradicts the segregation of duties principle, as the same individuals would be tasked with day-to-day IT initiatives as well as the evaluation of corresponding security risks.
Respondents were asked if their organisations employ highly specialised units within a cyber security department. In addition to an SOC, 19% said they have dedicated threat intelligence teams and a further 20% have a dedicated malware analysis team.
The majority of organisations also said they were assigning budget to upskill their IT security staff. About 72% of those surveyed expect their investments into IT will grow in the next three years. Among these, 48% said they are driven by a desire to improve internal specialists’ expertise, making it the first most common reason to increase the IT security budget.
Sergey Martsynkyan, head of B2B Product Marketing at Kaspersky, said the results show that enterprise cyber security departments are not all the same, and that their needs and requirements vary.
The full report is available here.
Share