security spending

Lack of confidence drives increased security spending

Print Friendly, PDF & Email

A lack of confidence in cybersecurity is driving organizations to again throw money at the problem in 2021. A survey of more than 200 C-level IT and IT security executives in organizations with an average of 21,300 employees finds more than three-quarters (78%) lack confidence in their company’s IT security posture and believe improvements are needed.

Conducted by IDG Research on behalf of Insight Enterprises, a provider of IT services, the report finds executives have the least confidence in their organization’s security roadmap (32%), security-related technology and tools (30%), and internal teams and skill sets (27%).

They reported the highest level of trust in their organizations data management strategy, but even then, less than half (45%) have confidence in it.

As a result, 91% of organizations are increasing their cybersecurity budgets in 2021, which is on top of 96% that previously reported boosting spending in 2020. The survey finds on average organizations have accelerated of five to six initiatives, including threat visibility/identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%) and identity and access management (55%).

A report finds only 32% of IT executives have confidence in their security roadmap. #cybersecurity #InfosecClick To Tweet

There is, of course, no absolute correlation between increased spending an improved security. It’s as much about processes as it is platforms and services. Unfortunately, only 27% of respondents expanded their security staff in 2020. Not surprisingly, only 57% conducted a data security risk assessment in 2020. The good news is 41% plan to begin or resume staff expansion this year. Overall, survey respondents identified lack of automation as their biggest cybersecurity challenge (55%).

On another positive note, 59% of respondents report they are incorporating IT security into broader business operations decisions to better combat cyberthreats. In addition, 68% initiated projects to integrate incident response into business continuity plans, while 61% are integrating cybersecurity into infrastructure and DevOps decisions.

A full 100% of respondents report that their boards and executive teams are more focused on the organization’s security posture.

Greater risk, and more attention

There’s no doubt digital business transformation initiatives are driving much of that interest in cybersecurity. Organizations of all sizes have more at risk than ever. The greater the risk, the more scrutiny any initiative is going to attract from senior executives. What is less clear is whether all that extra attention is resulting in greater understanding of, much less appreciation for, cybersecurity.

Regardless of motivation, however, cybersecurity professionals may finally be getting their due. Rather than viewing cybersecurity as a requirement to be met with the least amount of effort possible, it’s now apparent a lack of proper respect for cybersecurity represents an existential threat to the business.

The challenge now, of course, is turning all that awareness into actual enlightenment. Senior executives tend to magically expect results whenever budget is increased. As IT environments become more complex, thanks in part to the rise of the cloud, a lot of the increased spending simply addresses an increase in cybersecurity table stakes. That may not be what senior executives want to hear, but sometimes there are inconvenient facts that like it or not simply can’t be ignored.

Scroll to top