Organizations falling short in addressing security risks
According to 90 percent of IT security leaders their organizations are falling short in addressing cybersecurity risks.
Research from Foundry finds that this perception comes from a number of issues including convincing all or parts of their organization of the severity of risk (27 percent), and believing their organization isn’t investing enough resources to address risks (26 percent).
Over a third (34 percent) of security decision makers are researching Security Orchestration, Automation, and Response (SOAR) technologies. Zero trust technology and Secure Access Service Edge (SASE) are second and third on their radar at 32 percent. Although not in the top tools being actively researched, close to a quarter of organizations have cyber insurance on their radar and only 23 percent say they are not interested.
The top security solution currently in use is endpoint protection (specifically for laptops, desktops and servers) at 78 percent. Similarly, three-quarters of respondents say authentication (multifactor/strong authentication or role-based solutions are in use, followed by security education/awareness training solutions and patch management (both at 74 percent).
While the average annual security budget is $65 million, similar to last year's level, for small businesses the security budget has jumped to $16 million, from $11 million last year and $5.5 million in 2020. On average, enterprises are seeing fairly steady security budgets -- $122 million this year compared to $123 million in 2021.
"As businesses continue to grow and scale their security efforts in tandem, it's no surprise that the proper investments and budgetary requirements follow suit," says Bob Bragdon, SVP/worldwide managing director, CSO at Foundry. "Organizations of all sizes recognize security risks and understand the fallout that can occur due to a breach, and security leaders are preparing for the worst case scenario. It's important for technology vendors to understand what their major challenges are and provide them with appropriate tools and solutions."
Shortage of security skills continues to be a problem, 45 percent of IT leaders are addressing it by asking current staff to take on more responsibilities and utilizing technologies that automate security priorities. 42 percent are outsourcing security functions, while 36 percent are increasing compensation and improving benefits. Looking at company size, half of enterprises are asking current staff to take on more responsibilities, and 37 percent of SMBs are doing the same.
"More regulation and compliance requirements to mitigate security risks is a positive step but is clearly creating challenges for organizations under equipped to deal with these changes," says Bragdon. "As security leaders navigate a competitive workforce, they are also looking to their security technology partners to create more efficient and automated practices that make sense for their business and employees."
You can find out more on the Foundry site.