Security Priorities & Investments Outlined in Latest IDG Research
As organizations realize cybersecurity shortfalls, new security solutions are being actively researched
Boston, MA – July 31, 2019 – IDG Communications, Inc. – the world’s leading tech media, data, and marketing services company – releases the 2019 Security Priorities study. In the third year of this study, the research explores the various security projects organizations are focused on now and in the coming year, along with the areas where IT and security decision-makers feel their organizations are falling short in addressing cyber risk. New to this year’s study, we found that the top security priorities for the coming year are improving the protection of confidential and sensitive data (59%), followed by increasing security awareness programs and staff trainings (44%). (Click to Tweet)
Current State of Security
Security is being taken seriously, as 69% of overall organizations report having a CSO, CISO or top security executive – this increases to 88% for enterprise organizations (1,000+ employees) and decreases to 51% for SMBs (<1,000 employees). Although these individuals are expected to manage their organization’s information and data security, there are still many areas where IT/security decision-makers feel their company is falling short in addressing cyber risk. These include failing to address security risks during application development (35%), inadequate employee training/awareness (31%), and lack of security involvement prior to implementing new technologies. There is more of a concern for employee training/awareness at organizations that do not have a CSO/CISO or top security (39%), compared to only 29% when an organization does have a security executive in place. It is interesting to note that security awareness training is high on the priorities list, but businesses still cite it as a major challenge – this speaks to the perpetual problem of employees as a security risk.
“Organizations are constantly trying to adapt to the evolving threat and technology landscapes, whether that be by implementing new security solutions, amending policies, hiring additional security professionals, or all three,” says Bob Bragdon, SVP/Publisher, CSO. “It’s reassuring to see that year-over-year, organizations are actively hiring top security executives in order to strengthen and formalize their information and data security strategy, as well as support the technologies that they are investing in.”
Security Priorities & Investment Trends
In order to overcome their challenges, organizations are prioritizing their security plans, which include improving the protection or confidential and sensitive data (59%), increasing security awareness programs and staff trainings (44%), upgrading IT and data security to boost corporate resiliency (39%), and improving the understanding of external threats (34%). To achieve these goals, organizations are investing in a variety of security solutions. This year’s data finds that organizations are actively researching zero trust technologies (47%), deception technology (40%), behavior monitoring & analysis (39%), and cloud data protection (38%). Legacy security solutions including anti-virus/malware, firewalls, endpoint security and patch management are still the most widely used tools to combat security threats.
Blockchain is an opportunistic technology but businesses are still trying to determine how it can fit into security, beyond solutions such as identity management. Last year’s results showed more interest around blockchain (58%), while this year only 50% of respondents are interested in the technology. Only 25% of IT decision-makers consider blockchain to be a viable technology from a security standpoint, and the key factors that are hindering blockchain adoption include low familiarity with the technology (51%), difficult to integrate with legacy systems (38%), and complexity around industry and government regulations (38%).
Security Budget Allocation
As organizations continue to enhance their security strategies, 50% say that their security budgets will increase over the next year while 46% expect their security budgets to remain the same. Overall, the average annual security budget is $51.8 million which is up from $41.1 million in 2018. Over the next year, we can expect 25% of security budgets to be allocated to skilled staff (salaries and benefits, consultants), 23% to tools and technology, 22% to infrastructure and equipment, 12% to contracted services, 11% to cloud services, and 7% to other such as travel and conferences. Regarding security tools and technology, IT and security decision-makers anticipate their spending to increase in:
- Security education/awareness training (38%)
- Security evaluation services (38%)
- Cloud-based cybersecurity series (38%)
- Authentication (36%)
- Access controls (36%)
A variety of factors determine the priority of security spending, with best practices (73%) and compliance mandates (66%) topping the list.
“While security decision-makers are actively researching and investing in new security solutions, tried and true security tools continue to form the backbone of any organization’s efforts to secure their enterprise,” continues Bragdon. “To best mitigate cyberthreats, it’s important for organizations to evaluate their business, assess the shortfalls they are experiencing and proactively connect with vendors throughout their security strategy plan.”
About 2019 IDG Security Priorities Study
IDG’s 2019 Security Priorities Study was conducted among the audience of five IDG brands (CIO, Computerworld, CSO, InfoWorld and Network World). The survey was fielded online to gain a better understanding of the various security projects organizations are focused on now and in the coming year. The research also looks at the issues that will demand the most time and strategic thinking for IT and security teams, as well as the services that are held in-house versus outsourced. Results are based on 528 respondents who are involved in IT and/or corporate/physical security decisions.
About IDG Communications, Inc.
IDG Communications connects the world of tech buyers with insights, intent and engagement. We are the world’s largest media, data and marketing services company that activates and engages the most influential technology buyers. Our premium brands, including CIO®, Computerworld®, CSO®, InfoWorld®, Macworld®, Network World®, and PCWorld® engage a quality audience of the most powerful audience of technology buyers providing essential guidance on the evolving technology landscape.
Our global data intelligence platform activates purchasing intent, powering our clients’ success. IDG Marketing Services creates custom content with marketing impact across video, mobile, social and digital. We execute complex campaigns that fulfill marketers’ global ambitions seamlessly with consistency that delivers quality results.
Senior Marketing & Research Specialist
IDG Communications, Inc.