2021 technology and security journey full of questions.
Increasingly business board members are offering full support for IT security initiatives, states the latest research by Sapio Research,
Commissioned by Thycotic, more than half (58 per cent) of IT security decision-makers say their organisations plan to add more security budget in the next 12 months.
With growing cyber threats and rising risks through the COVID crisis, survey respondents indicate that boards are listening and stepping up with increased budget for cybersecurity, with the overwhelming majority, 91 per cent agreeing that the Board adequately supports them with investment.
The global respondents of IT security decision makers, CEOs and CFOs from Germany, USA, Australia, New Zealand, France, Spain, Singapore, and Malaysia.
However even with growing executive management support, CISOs and their security teams must remain vigilant in making their case for cybersecurity investments.
Over one third (37 per cent) of participants’ proposed investments, for example, were turned down because the threat was perceived as low risk or because the technology had a lack of demonstrable ROI. One third (33 per cent) of survey respondents believe senior management often does not comprehend the scale of threat when making cybersecurity investment decisions.
About three in four survey respondents (77 per cent) said that a security incident at their organisation or an audit failure helped convince their Boards to approve investment in new cybersecurity projects. Although this wasn’t surprising given compliance appears to be a prime motivator in getting executive management to invest.
The biggest challenge IT security decision makers have faced when getting approval for investments on previous cyber security projects related to new technology purchases that fall outside the scope needed to achieve compliance (42 per cent). Other barriers included low perceived threat risk (37 per cent) and lack of demonstratable ROI (37 per cent)
Almost a quarter of respondents believe that compliance or threats of fines have been the most effective in persuading Boards to invest in cyber security (23 per cent) The fear of compliance fines is a significant factor in convincing executive Boards to invest in cyber security, according to survey respondents. The EU GDPR, for example, has seen several companies receive significant fines in millions of € Euros resulting from a data breach or failure to be compliant.
No one wants to be the next victim of a cyberattack or a failure in compliance. Therefore 23 per cent of decision-makers use this fear factor as an effective motivator to help convince their Boards to invest in cyber security. Another 20 per cent use best practices and standards to persuade Boards, with 20 per cent focusing more on ROI by showing how cyber security can contribute to business value.
The ever-rapid evolution of threats across perimeter-less networks, along with an ever-growing range of cybersecurity technology choices, will create a never-ending question than answers for CISOs. The road ahead for IT and cybersecurity leaders moving into 2021 is complicated and the rapid evolution of threats across perimeter-less networks, along with an ever-growing range of cybersecurity technology choices, complicates IT decision making.