To help us understand how IT leaders are adapting to address this rapid evolution, we commissioned IDG to survey more than 200 executives (CIOs, CTOs, CSOs, IT directors) working at organizations with an average of 21,300 employees in December 2020.
Their responses reflect how priorities shifted in 2020, demonstrate current confidence levels, identify roadblocks to improved cybersecurity and assess which modernization efforts will be most urgent in 2021.
As a result, we’ve seen an increase in awareness of enterprise security postures and cybersecurity risks,
leading to increased spending in both 2020 and 2021.
of organizations surveyed increased their cybersecurity spending in 2020.
of organizations plan to increase their cybersecurity spending in 2021.
of respondents said their executive team has become more focused on their security posture.
integrated incident response into a companywide business continuity plan.
integrated cybersecurity into their infrastructure and DevOps decisions.
integrated cybersecurity into broader business operations decisions.
Most organizations focused on closing immediate gaps using technologies that were easy to deploy, such as Cloud Access Security Broker (CASB), cloud-based Security Information and Event Management (SIEM), and Security Orchestration Automation and Response (SOAR).
Many complex, long-range security projects took a back seat to more urgent block-and-tackle activities such as anti-malware and anti-virus upgrades, Multi-Factor Authentication (MFA), and Firewall as a Services (FWaaS) deployments.
As a result, relatively few organizations initiated or executed projects in critical areas such as identity governance, Zero Trust, data analytics, and Secure Access Service Edge (SASE) implementations.
But it wasn’t only long-range projects that took a back seat — foundational activities like data security risk assessments fell behind as well. In 2020, only 57% of businesses conducted a risk assessment despite new threats.
This left IT teams overburdened and without the specialists needed to execute the efforts necessitated by evolving threats. And, the challenges facing security operations and management corroborate that teams are overburdened and understaffed.
lack of automation
outdated network access control
legacy infrastructure and software
lack of skilled staff
This survey shows organizations made strides to address gaps and integrate cybersecurity into business, operational, and IT infrastructure decisions. But bolstering security is a complex, continual effort.
Implementing effective security will require increased time, resources and skilled support as the threatscape continues to evolve. Moving forward, organizations will need to shift focus to stronger strategic planning, IT modernization, operational optimization and personnel investments to support comprehensive, long-range security.