New report finds that 92% of organizations plan to increase cyber security spending
Nearly 80% of enterprise cyber security professionals think that network security is more difficult and complex now than it was just two years ago, according to a new research report.
Respondents to a survey on enterprise cyber security said that the challenges include the rising number and sophistication of malware attacks, an increase in targeted cyber attacks, the volume of new information technology initiatives such as digital transformation and internet of things adoption, and the number of devices connected to the network.
ESG Research conducted the research, commissioned by Spirent Communications. ESG said it surveyed more than 400 information technology and cyber security professionals who knew of or were responsible for their organization’s security planning, implementations or operations. They worked at companies with more than 1,000 employees, and the verticals with the highest participation included financial services (accounting for 18% of survey respondents), manufacturing (16%), retail/wholesale (13%), healthcare (12%) and information technology ( Survey respondents were in the United States, U.K., and Australia and worked at enterprise organizations (i.e., more than 1,000 employees). Respondents represented numerous industry and government segments, with the largest participation coming from financial services (i.e., banking, securities, insurance, 18%), manufacturing (16%), retail/wholesale (13%), health care (12%), and IT (10%).
“Moving security leadership into business planning is rapidly becoming both a necessity and a reality,” said Jon Oltsik, senior principal analyst at ESG Research, in a statement. “Enterprises must balance business considerations with security consciousness to be enablers of growth while keeping risk in check.”
Among the enterprise security survey’s findings:
-Chief information security officers used to be an organization’s top security technical personnel; but the role is evolving toward being held by business executives who are responsible for end-to-end protection of applications and business processes.
-ESG said that its data suggests that “organizations don’t have adequate security staff levels and skills—especially with regards to the intersection of networking and security.” Only 37% of respondents indicated that the skills of their security staff were “adequate in all cases.”
-92% of the businesses surveyed planned to increase their cyber security budgets this year, with network security, cloud security and application security identified as the areas most likely to see increased spending.
-Enterprises’ embrace of new IT initiatives — such as cloud computing, internet of things applications and digital transformation — are happening so rapidly that it is difficult for IT security teams to “learn the nuances of these technology initiatives, understand associated risks, and implement the right security safeguards to protect their organizations,” ESG found.
-The high volume of encrypted network traffic and the use of hybrid public/private cloud architectures also increases the difficulty of cyber security, and ESG added that many of the respondents to its survey said that it is “difficult to balance security with application and network performance requirements.” The research concluded that additional security testing would benefit their organizations and should be part of IT projects from the start, particularly to address the balance between performance and security.
“Security must be a proactive measure within the enterprise,” said John Weinschenk, GM for enterprise Network and Application security at Spirent, in a statement. “To meet the demands of business and the realities of threats and risk, security professionals must be actively involved with the business and integrate security considerations from the very beginning of a project.”