2021 Security Priorities Study
As ransomware, phishing scams, and other cyberattacks such as zero-day vulnerabilities, increase, it’s weighing on security leadership and becoming increasingly difficult to keep up with the evolving IT threat landscape. According to IDG’s 2021 Security Priorities study, 90% of security leaders believe their organization is falling short when it comes to addressing cyber risks. Hence why security leaders are launching new efforts to become better prepared for the next unexpected security incident that comes their way.
The majority (98%) of respondents expect their overall security budget to either increase or remain the same over the next 12 months to help them combat these security risks. Expected to top the list of solutions being actively researched are Zero Trust technologies, SOAR (security orchestration, automation, and response), SASE (secure access service edge), and deception technology, while leaders plan to increase their investment in cloud data protection, access controls, cloud-based cybersecurity services, and data analytics.
In its 5th year of the research, the 2021 Security Priorities study also outlines the issues that will demand the most time and strategic thinking for IT and security teams over the next 12 months. Security leaders cite that the time they spend responding to inquiries from Senior Management and/or the Board of Directors grew substantially this year – only 2% cited this in 2020 and now 12% say this is the case in 2021. This year over year growth as aligns with the fact that more businesses are adding security executives to their leadership teams– 67% in 2021 vs. 61% in 2020 – and the fact that these executives are increasingly reporting into the CEO and BoD.
2021 Security Priorities Key Takeaways:
- IT security leaders are now taking on physical security as a responsibility as well, jumping from 42% having it as a responsibility last year to 65% this year.
- Most security leaders surveyed (91%) are aware of what caused their security incidents in the past year – 44% report it was a non-malicious user error where the victim fell to phishing scam or non-malicious violation of security policy.
- When asked about the longest amount of time that passed before a security incident was detected, 5 weeks was the average among survey respondents.
- This year’s top security priorities reflect the dynamic nature of the 2021 landscape – be prepared for whatever comes at you. Security leaders hope to be appropriately prepared to respond to a security incident, improve the protection of confidential and sensitive data, improve/increase security awareness among end-users through training, and upgrade IT and data security to boost corporate resiliency.
- Zero Trust technologies keep the top spot in the list of technologies organizations are actively researching and continues to see steady adoption from 24% (2019) to 35% (2020) and 46% (2021.)
View the sample slides below for additional insight and download the full report to better understand and engage with security leaders as they build out their 2022 strategy and continue to prepare for cyber risks. To request a meeting with an IDG sales executive to walk through the full study, please complete the form at the right.