While the pandemic continues to alter the way businesses evaluate risk, organizations expect a steady increase in their security budget to support efforts

Boston, Mass. – November 19, 2020 – IDG Communications, Inc. – the world’s leading tech media, data, and marketing services company – releases the 2020 IDG Security Priorities study, which outlines the security projects organizations are focused on, the factors driving security spending, and the security-related challenges that organizations are experiencing. In its fourth year, this study also explores issues that will demand the most time and strategic thinking from IT and security teams, with an increased focus on security strategy during the COVID-19 pandemic.

Security and the Pandemic
The majority of security/IT executives (62%) say they expect the pandemic to impact the way their organization evaluates and responds to risks moving forward. This has stabilized some since March, when 73% of respondents to the 2020 CSO Pandemic Impact survey said that the impact of this pandemic will alter the way their business evaluates risk for at least the next five years. This additional focus on security includes investing more in people to enable their response to risk (43%), increasing investment in response planning resources to address risk (38%), and updating and modernizing their business continuity plans (30%).

In addition to the changes businesses will make to their security strategies, security/IT leaders report that unexpected/under expected business risks (i.e. the pandemic and workforce changes) are forcing them to redirect their time and focus (36%). This is the number one security-related challenge today, followed by employee awareness/training issues which are also heightened due to the increase in work from home conditions.

“We have always known security leaders to be resilient and to be prepared for the unexpected. This year provided numerous disruptions, whether that be from a supply chain or workforce perspective,” says Bob Bragdon, Global SVP/Managing Director, CSO. “Organizations are arming their entire teams with more security awareness trainings as work from home scenarios continue and adopting additional data protection technologies so that security teams can focus on corporate initiatives.”

Security Incidents & Priorities
With the pandemic causing higher levels of uncertainty, new to the study this year, we asked respondents to provide insight into the sources of past security incidents. Overall, 87% of security/IT executives report that they are aware of what caused their security incidents in the past year. Topping the list are non-malicious user error where the employee fell victim to phishing or non-malicious violations of security policy (36%), followed by unpatched software vulnerabilities (29%), and the misconfiguration of services or systems either on- or off- premises (28%). In order to stay vigilant for the upcoming year, organizations state their main security priorities are to improve the protection of confidential and sensitive data (49%), improve/increase security awareness among end users through training (45%), and upgrade IT and data security to boost corporate resiliency (34%). Even with new and added challenges this past year, these priorities remain consistent with 2019 data.

Security Tools & Solutions
Organizations continue their commitment to security with 41% of security/IT decision-makers expecting their security budgets to increase in the next 12 months. This is slightly down from 50% in 2019, however 53% say their security budgets will remain the same and only 6% expect a decrease for the upcoming year. When looking at the total annual security budget, the average is $72.7M which is up from $51.8M in 2019. In order to achieve the security goals previously outlined, this large budget allocation makes it clear that organizations are actively researching and investing in a variety of security solutions. The key solutions being researched in 2020 are zero trust technologies (40%), deception technology (32%), micro-segmentation (30%), and cloud-based cybersecurity services (30%). Currently, the top security technologies in use are firewalls, anti-virus/malware, patch management, access controls and authentication. The security technologies where organizations are looking to increase spending include authentication (32%), cloud data protection (28%), cloud-based cybersecurity services (27%), and access controls (27%). Given the continuous growth in cloud adoption, it is no surprise that IT/security leaders are focused on security around these solutions.

While there is no question that security tools and solutions are in high demand, this year’s research also found that security products/solutions are not always being utilized to their full potential. Although the majority of security technologies purchased are used in some capacity (72%), half of security decision-makers say they do not utilize all of the features included in their security technologies and services.  This may be due to the fact that respondents say that 26% of purchased security technologies/services are under-resourced in terms of people, support services, or deployment.

“While security decision-makers are actively researching and investing in new security solutions, security vendors cannot be blind to the fact that more resources may be needed in order for their customers to obtain the full potential that their products offer ” continues Bragdon. “To best evaluate and respond to cyber risks, it’s essential that organizations fully understand and utilize their security technologies. In order to do so, security vendors must maintain constant customer communication and engagement.”


Join the Conversation
To engage with top security leaders as they share their best practices around securing multicloud, the future of AI and cybersecurity, and top security threats and prevention, learn more about the sponsorship opportunities around our 2021 Cybersecurity Summit virtual event series.

About 2020 IDG Security Priorities Study
IDG’s 2020 Security Priorities Study was conducted among the audience of five IDG brands (CIO, Computerworld, CSO, InfoWorld and Network World). The survey was fielded online to gain a better understanding of the various security projects organizations are focused on now and in the coming year. The research also explores the issues that will demand the most time and strategic thinking for IT and security teams, as well as the services that are managed in-house versus outsourced. Results are based on 522 respondents who are involved in IT and/or corporate/physical security decisions.

About IDG Communications, Inc.
IDG Communications’ vision is to make the world a better place by enabling the right use of technology, because we believe that the right use of technology can be a powerful force for good.

IDG is a trusted and dependable editorial voice, creating quality content to generate knowledge, engagement and deep relationships with our community of the most influential technology and security decision-makers. Our premium media brands including CIO®, Computerworld®, CSO®, InfoWorld®, Macworld®, Network World®, PCWorld® and Tech Hive® engage a quality audience with essential guidance on the evolving technology landscape.

Our trusted brands, global 1st party data intelligence and Triblio platform identify and activate purchasing intent, powering our clients’ success. We simplify complex campaigns that fulfill marketers’ global ambitions seamlessly with consistency that delivers quality results.


Stacey Raap
Senior Marketing & Research Specialist
IDG Communications, Inc.