New Security Research Highlights the Relationship Between Security Structure, Company Size & Business Decisions

Roadmap for collaboration between security, IT and business executives to be discussed at upcoming CIO/CSO SecurIT event

Framingham, Mass. – April 27, 2017IDG Enterprise — the leading enterprise technology media company, comprising CIO, Computerworld, CSO, InfoWorld, ITworld and Network World — today released the results from its 2017 Security Priorities study which provides insight into the security roles and technologies that help accelerate enterprise growth by mitigating risk. Security continues to be a top business focus, and the study sought to better understand the security projects organizations are focused on, as well as the issues that will demand the most time and strategic response from security and IT teams. Organizations are turning to their security teams to help build business strategies as digital enterprises continue to take shape and cyber threats evolve. (Click to Tweet)

Priorities of Security & IT Teams
As enterprise organizations (1,000+ employees) embrace new technologies, the importance of specialized security teams is underscored. Two-thirds of enterprise organizations have a CSO/CISO role, compared to only 24% of SMB organizations (<1,000 employees). Additionally, enterprise organizations are nearly three times more likely than SMBs to have a standalone security department versus IT and security being managed together (58% enterprise vs. 85% SMB), and that appears to translate into more mature security practices (view image). Beyond differences in organizational structure, enterprise organizations are more likely to see budget increases in the coming year. Approximately half (48%) of enterprise organizations expect an increase in their security budget compared to 34% of SMBs. These additional dollars will be allocated to a variety of technologies that organizations are actively researching:

  • 38% behavior monitoring & analysis
  • 37% cloud-based cybersecurity services
  • 36% cloud access security brokers
  • 34% data loss prevention tools
  • 30% security intelligence services

“In order to keep up with the evolving needs of the digital enterprise, organizations are embracing more technologies, but that can expose them to more risk they are unaware of and not prepared for,” said Bob Bragdon, SVP/Publisher, CSO. “This can be compounded as organizations face a security-focused personnel gap – they can’t find qualified people to fill their openings – that’s hindering the value they can derive from security solutions and services. To keep the business functioning, security leaders are being forced to explore alternatives, including having vendors and managed service providers take responsibility for a larger part of operational security.”

Security Staff Needed
Security initiatives continue to grow, which ultimately requires additional skillsets and potentially more dedicated security employees. This is largely seen at organizations that have a standalone security department – 27% say that employee retention and hiring enough skilled workers is a challenge that takes time away from their strategic goals. In the upcoming year, nearly half (48%) of enterprise organizations plan to increase their full-time employee headcount, and 30% plan to increase outsourced security employees.

Putting It into Practice
Multiple security challenges are taking time away from security and IT executives’ strategic plans – including cyber threats from outside the organization, budgetary constraints and the need to demonstrate ROI, compliance regulations, and employee awareness and cooperation issues. However, when an organization has a standalone security department, only 22% say that cyber threats from outside the organization are a challenge, compared to 35% of organizations where IT and security are managed together. Challenges also vary by company size:


Regardless of the structure, vendors help to play a role in securing organizational assets. To evaluate emerging technology vendors, security and IT decision-makers at enterprise organizations rely on pilot tests (67%), as well as attending events to meet with vendors and hear from peers to educate themselves (62%).

To help security leaders create a proactive security strategy aligned with the business needs, CIO and CSO have launched SecurIT, a unique event for security decision-makers to come together and share ideas and develop solutions for the security challenges that businesses face due to digital transformation. Solutions that security and IT executives are actively researching and increasing their budget for today align very closely with the SecurIT agenda topics:

  • Threat protection/preventing breaches
  • Social engineering
  • Managing regulation and compliance
  • Managing the IT/security relationship
  • Managing third-party risk or skills alignment

“Security is a business issue, and this research amplifies the fact that collaboration between security, IT and business executives is necessary to create and implement a comprehensive security posture,” said Adam Dennison SVP/general manager, IDG Events & publisher, CIO. “We are excited to host SecurIT to facilitate and encourage this important conversation between stakeholders. This one day event will bring security practitioners and vendors together to discuss solutions for elevating security practices, which is exactly what is needed in this time of transformation.”

About 2017 IDG Enterprise Security Priorities Study
IDG Enterprise’s 2017 Security Priorities Research was conducted among the audiences of six IDG Enterprise brands (CIO, Computerworld, CSO, InfoWorld, ITworld and Network World). The survey was fielded online with the objective of understanding the various security projects organizations are focused on now and in the coming year. It also looks at the security functions organizations have in place and the issues that will demand the most time and strategic thinking from IT and security teams. Results are based on 694 respondents who are involved in IT and/or corporate/physical security decisions. 

About SecurIT
June 21, 2017 | The Ritz-Carlton Tysons Corner
| McLean, VA
SecurIT, part of IDG’s Security Day, is the event where senior decision-makers come to learn from peers and experts and explore information security solutions. Through IT and security executive keynotes along with content from leading security product and service providers, this event will give IT, security and business decision-makers a holistic view of techniques and solutions for protecting data, assets, customers and employees. More information can be found at Current sponsors include: Unisys, Esentire, Gemalto and Lookout.

For more information about sponsorship opportunities, please contact Bob Bragdon at 508.935.4443 or

About IDG
IDG is the world’s largest media, data, and marketing services company whose mission is to help our global audience make the smartest technology purchasing decisions. Our premium brands, including CIO®, Computerworld®, PCWorld® and Macworld®, engage the most powerful audience of technology buyers providing essential guidance on the evolving technology landscape. Our global data intelligence platform activates purchasing intent, powering our clients’ success. IDG Marketing Services creates custom content with marketing impact across video, mobile, social and digital. We execute complex campaigns that fulfill marketers’ global ambitions seamlessly with consistency that delivers results and wins awards. Visit for more information. IDG is the #1 tech media company in the world, per comScore.*

*Source: comScore Media Metrix, Desktop Unique Visitors, Worldwide, January 2017

Company information is available at
Follow IDG Enterprise on Twitter: @IDGEnterprise #IDGEresearch
Join IDG Enterprise on LinkedIn
Like IDG Enterprise on Facebook:

Stacey Raap
Marketing & Research Specialist
IDG Enterprise

Recent News

I want to learn more about IDG