Cybersecurity has been integrated into multiple aspects of the business. This indicates a rising recognition of the risk that a cyberattack poses to company operations. A full 100% of survey respondents report that their boards and executive teams are more focused on their organization’s security posture than in the past. In addition, 68% initiated projects to integrate incident response into companywide business continuity plans, 61% are integrating cybersecurity into infrastructure and DevOps decisions and 59% are incorporating IT security into broader business operations decisions to better combat cyberthreats.
Companies shifted cybersecurity modernization priorities in 2020. In response to the immediate challenges presented by the pandemic, companies accelerated an average of five to six initiatives to protect the increasingly distributed IT environment and securely connect a remote workforce with the data it needs to keep the business running. Most companies pursued multiple projects in categories, including threat visibility/identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%), and identity and access management (55%).
Complex, long-range security projects took a back seat. The pressing demands of the pandemic forced companies to focus on security fundamentals, such as anti-malware/anti-virus upgrades, multi-factor authentication and FireWall-as-a-Service (FWaaS) deployments. Relatively few organizations executed projects in critical areas such as identity governance, Zero Trust, data analytics, AI/machine learning and SASE.
New hiring was flat. Despite the increase in security budgets and the large number of security projects companies undertook in 2020, only 27% of respondents reported expanding security staff in 2020. Forty-one percent plan to begin or resume staff expansion in 2021, and 42% intend to start or resume modernizing security operations.