COVID crisis drives increased security investment
A new report from Thycotic reveals that 58 percent of IT security decision makers say their organizations plan to add more security budget in the next 12 months, and almost three out of five believe that in the next financial year they will have more security budget because of COVID-19.
More than three quarters (77 percent) of respondents have received boardroom investment for new security projects either in response to a cyber incident in their organization (49 percent) or through fear of audit failure (28 percent).
In addition, with financial penalties for GDPR now totaling 175 million Euros ($202 million), almost a quarter of respondents (23 percent) believe that compliance or threats of fines are the most effective way to persuade boards to invest in cybersecurity.
"A few years ago, we found that while CISOs were talking, boards were listening but not following through the investments, or supporting them with increased budget," says Joseph Carson, chief security scientist at Thycotic. "But that language barrier appears to be getting removed, the communication is improving between the CISO and the board and that's great news, because what we're seeing as a result of that is more budget, more investment into security. Organizations see that COVID has accelerated remote working and the importance of digital transformation. As a result of COVID, security budgets are expected to increase for the next 12 months, and specifically many looking to cloud solutions and cloud transformation, because that helps you support that diverse workforce having some people in the office and some people working remotely."
CISOs still face challenges in getting board-level support, though. Almost two fifths (37 percent) of participants' proposed investments were turned down because the threat was perceived as low risk or because the technology had a lack of demonstrable ROI. Meanwhile, 33 percent believe senior management does not comprehend the scale of the threat when making cybersecurity investment decisions.
"What we did find that was interesting was that in the UK, Germany and France, one of the biggest motivations is actually compliance, they use compliance as the main motivation for the board to get approval for security spending. Whereas in Asia and the US they tend to optimise for benchmarking with peers," adds Carson.
You can find out more and get the full report on the Thycotic blog and there's an infographic summary of the findings below.