Boston, Mass. - August 9, 2018 - IDG Communications, Inc. - the world's leading tech media, data, and marketing services company - announced today the results of its 2018 Security Priorities Study. The research explores the security strategies organizations are embracing along with the technologies and initiatives security decision-makers plan to adopt over the next 12 months (Click to Tweet). As security events continue to make headlines, organizations are looking to invest in people, tools and services to enhance their security posture.
Taking Responsibility for Security
Security continues to be ingrained as a business need, so it is not surprising that 54% of organizations expect their security staff headcount to increase over the next 12 months. For most organizations (75%), security and IT teams are part of the same department, providing an opportunity for enhanced collaboration. When an organization has a CSO or CISO, 40% of the time there is a separate security department. Overall, only 44% of organizations have a CSO/CISO, however enterprise organizations (1,000+ employees) are more likely to have this position (62%) compared to 28% of SMBs (<1,000 employees).
When exploring who holds primary responsibility over security areas, many of the traditional and tech-based security solutions, such as anti-virus/malware, patch management and endpoint protection are controlled by the IT organization. The IT security team has primary responsibility for security intelligence services, security incident/event management and security services. As organizations look to invest in new solutions for the future, IT and security split the responsibility of managing opportunistic technologies. The IT security team takes the lead on cloud-based cybersecurity services, zero trust technologies and cloud access security brokers, while the IT department focuses on configuration management databases, big data analytics and micro-segmentation. When the IT security team has little to no formal control over areas of the business, half of security-focused decision-makers say they exercise influence by seeking greater support from corporate leadership to mandate security as part of the business process. Additionally, 50% say that they offer strategic guidance regarding planned IT purchases.
"At a time when new technologies are rapidly being introduced into organizations, security and business executives must ensure they have well-advised strategies and solutions in place to battle the threat of data hacks," says Bob Bragdon, SVP/Publisher, CSO. "The security team is tasked with leading the collaboration among IT, security and LOB, and now close to half of enterprise organizations are establishing security positions in line of business units to identify and help mitigate risk."
New Investments to Secure the Business
Organizations continue to enhance their security investments, and 52% say their security budgets will increase over the next year, which is up from 42% in 2017. Close to two-thirds (61%) of organizations with a standalone security department expect their security budget to increase in the next 12 months compared to 49% of organizations with joined IT and security departments. Overall, the budget will be allocated to various traditional and emerging solutions. Areas that are actively being researched or piloted today include:
- Behavior monitoring and analysis - 53%
- Big data analytics - 52%
- Zero trust technologies - 52%
- Cloud data protection - 51%
- Cloud-based cybersecurity services - 49%
The top two factors helping to determine the priority of security spending are best practices (74%) and compliance mandates (69%) - the latter increases significantly as a priority for financial and healthcare organizations due to the highly regulated mandates these industries must follow.
Security Strategy Reality vs. Expectation
While security leaders invest in new solutions and put strategies in place, challenges arise that redirect their time and focus. The top security-related challenges forcing security personnel to redirect their attention away from strategic tasks are having to meet governance and compliance regulations (32%), cyberthreats from outside the organization (28%), employee awareness and cooperation (23%) and budgetary constraints/demonstrating ROI (22%). This ranking slightly differs from last year's data - compliance regulations jumped from the third ranked challenge last year and budgetary constraints moved down from the second to fourth challenge this year - which shows that security teams are greatly relied upon while concerns around mandates are heightened and they continue to demonstrate their value.
"By taking these challenges into consideration, security vendors can identify the needs of organizations and be better prepared to support them on their journey to becoming a strategically, secure business," continues Bragdon. "The ultimate goal is to then establish successful partnerships for the future."
About 2018 IDG Security Priorities Study
IDG's 2018 Security Priorities Research was conducted among the audiences of six IDG brands (CIO, Computerworld, CSO, InfoWorld, ITworld and Network World). The survey was fielded online with the objective of understanding the various security projects organizations are focused on now and in the coming year. It also looks at the security functions organizations have in place and the issues that will demand the most time and strategic thinking from IT and security teams. Results are based on 664 respondents who are involved in IT and/or corporate/physical security decisions.
About IDG Communications, Inc.
IDG Communications connects the world of tech buyers with insights, intent and engagement. IDG Communications is the world's largest media, data and marketing services company that activates and engages the most influential technology buyers. Our premium brands, including CIO®, Computerworld®, PCWorld® and Macworld®, engage the most powerful audience of technology buyers providing essential guidance on the evolving technology landscape. Our global data intelligence platform activates purchasing intent, powering our clients' success. IDG Marketing Services creates custom content with marketing impact across video, mobile, social and digital. We execute complex campaigns that fulfill marketers' global ambitions seamlessly with consistency that delivers results and wins awards. IDG is the #1 tech media company in the world, per comScore.*
*Source: comScore Media Metrix, Desktop Unique Visitors, Worldwide, January 2017