78% of top security leaders say their organizations are unprepared for a cyberattack

Participants in the BlinkenArea project work behind a sinister panel of LED lights during a computer hacker conference. (Photo by Adam Berry/Getty Images)

Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight.

The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in 2020.

Insight's report was based on responses from more than 200 C-level IT and IT security executives in organizations with an average of 21,300 employees across a wide range of industries.

Respondents overwhelmingly said that dramatic improvements in corporate security programs were needed. They expressed the least confidence in their organization’s security roadmap (32%), security-related technology and tools (30%), and internal teams and skill sets (27%). The respondents reported the highest level of trust in the company’s data management strategy, but, even then, less than half (45%) voiced confidence in that area of security operations.

Here are some other important findings:

  • Cybersecurity has been integrated into multiple aspects of the business. This indicates a rising recognition of the risk that a cyberattack poses to company operations. A full 100% of survey respondents report that their boards and executive teams are more focused on their organization’s security posture than in the past. In addition, 68% initiated projects to integrate incident response into companywide business continuity plans, 61% are integrating cybersecurity into infrastructure and DevOps decisions and 59% are incorporating IT security into broader business operations decisions to better combat cyberthreats.
  • Companies shifted cybersecurity modernization priorities in 2020. In response to the immediate challenges presented by the pandemic, companies accelerated an average of five to six initiatives to protect the increasingly distributed IT environment and securely connect a remote workforce with the data it needs to keep the business running. Most companies pursued multiple projects in categories including threat visibility/identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%), and identity and access management (55%).
  • Complex, long-range security projects took a back seat. The pressing demands of the pandemic forced companies to focus on security fundamentals, such as anti-malware/anti-virus upgrades, multi-factor authentication and Firewall-as-a-Service (FWaaS) deployments. Relatively few organizations executed projects in critical areas such as identity governance, Zero Trust, data analytics, AI/machine learning and SASE.
  • New hiring was flat. Despite the increase in security budgets and the large number of security projects companies undertook in 2020, only 27% of respondents reported expanding security staff in 2020. Forty-one percent plan to begin or resume staff expansion in 2021, and 42% intend to start or resume modernizing security operations.
