Nearly 80% lack confidence in their organisations’ cyber security posture
A staggering 78% of senior IT and IT security leaders believe their organisations do not have adequate protection against cyber attacks, despite increased IT security investments made last year to deal with work-from-home challenges.
This was revealed by a new IDG Research Services survey commissioned by Insight Enterprises, a global integrator of intelligent technology solutions.
Concurrently, this concern over the ability to withstand cyber threats in today’s complex environments is seeing 91% of businesses increase their cyber security budgets this year.
The survey: “Cybersecurity at a Crossroads: The Insight 2021 Report”, delved into the impact of the distributed IT landscape and pandemic-related transition to a remote workforce on IT security, including shifts in modernisation priorities, projects undertaken last year, and major obstacles faced in strengthening cyber security defences.
Respondents included more than 200 C-level IT and IT security executives in organisations with an average of 21 300 employees across a wide range of industries.
Other key findings include the fact that cyber security is being integrated into multiple aspects of the business, indicating rising recognition of the risk that a cyber attack poses to company operations.
A full 100% of respondents reported that their boards and executive teams are more focused on their organisation’s security posture than in the past. More than two-thirds (68%) said they had initiated projects to integrate incident response into company-wide business continuity plans, another 61% are integrating cyber security into infrastructure and DevOps decisions, and 59% are incorporating IT security into broader business operations decisions to better combat cyber threats.
The survey also showed that organisations shifted cyber security modernisation priorities last year in response to the challenges that came hand in hand with the pandemic.
The majority said they pursued multiple projects in categories including threat visibility and identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%) and identity and access management (55%).
At the same time, the more complex, long-range security projects took a back seat to block-and-tackle activities such as anti-malware and anti-virus upgrades, multi-factor authentication and firewall as a service deployments.
As a result, relatively few organisations initiated or executed projects in critical areas like identity governance, zero trust, data analytics, AI and machine learning, and SASE implementations.
The survey also looked at the key challenges that businesses face when it comes to strengthening their security posture.
It revealed that more than half (55%) rank lack of automation as the top challenge in security operations and management, reflecting their inability to manually analyse and respond to the flood of notifications and events generated by the increasingly complex security infrastructure we have today.
The problem is compounded by factors including the disparate toolsets involved, outdated technology lacking the APIs to support automation, and the time and advanced skillsets required to implement automated processes.
Not even a third of respondents (27%) said they expanded security staff last year, leaving IT teams stretched very thin and without many of the specialists required to carry out the wide range of tasks necessitated by the year’s evolving threat landscape. However, 41% said they plan to begin or resume staff expansion this year.
Only 57% said they had conducted a data security risk assessment in 2020, despite the need to re-evaluate their security posture in the face of new threats associated with the pandemic. Limited manpower and resources as IT teams addressed emergency security measures likely prevented this critical step in aligning security priorities with current conditions.
Shawn O’Grady, senior VP and GM, Cloud and Data Centre Transformation at Insight, said: “Entering 2020, organisations were in the middle of addressing security challenges associated with the increasingly distributed IT landscape spanning cloud, edge and on-premises environments. These challenges greatly intensified with the rapid work-from-home expansion brought on by the pandemic.”
He added the survey highlighted that companies made strides to address gaps and integrate cyber security into business, operational and IT infrastructure decisions, but there is still a huge amount of work to be done.