STUDY: 90% of Security Leaders Believe Their Organization is Falling Short in Addressing Cybersecurity Risk
According to new research from Foundry, meeting compliance regulations, the skill shortage, and external threats remain top challenges for organizations around the world
Boston, MA, Sept 14, 2022 — Foundry (formerly IDG Communications), the global leader in media, martech and data for the tech community, today released the 2022 Security Priorities Study which looks at the security-related priorities IT and security leaders are focused on now and in the near future. In its sixth year, the study shares insights into the security structure of organizations, perceived risks, continued challenges, and investments being made to better secure organizations.
The research found that an overwhelming majority (90%) of security leaders believe their organization is falling short in addressing cybersecurity risk. Those surveyed experienced these pitfalls from different issues, such as convincing the severity of risk to all or parts of their organization (27%), and believing their organization isn’t investing enough resources to address risks (26%).
Here is a closer look at the survey’s findings.
Security research and investments are shifting
According to the research, over a third (34%) of security decision makers are researching Security Orchestration, Automation, and Response (SOAR) technologies. Zero trust technology and Secure Access Service Edge (SASE) fall just behind as the second and third on their radar at 32%. Although not in the top tools being actively researched, it is worth mentioning cyber insurance as this was the first year Foundry explored the topic. Close to a quarter of organizations have cyber insurance on their radar and only 23% are not interested.
The top security solution currently in use – which Foundry classifies as piloting, in production, and upgrading/refining – is endpoint protection (specifically for laptops, desktops, servers) at 78%. Similarly, three-fourths of respondents said authentication (multifactor/strong authentication or role-based solutions are in use, followed by security education/awareness training solutions and patch management (both at 74%).
In 2022, the average annual security budget is $65 million, which is similar to last year’s overall budget. For small businesses, however, the security budget has jumped to $16 million, from $11 million last year and $5.5 million in 2020. On average, enterprises are seeing steady security budgets – $122 million this year compared to $123 million in 2021.
When asked which security technologies their organization will increase investment in over the next 12 months, respondents cited cloud-based security services (36%), cloud infrastructure management technology (35%), application development security (35%), access controls (35%), and cloud data protection (33%).
“As businesses continue to grow and scale their security efforts in tandem, it’s no surprise that the proper investments and budgetary requirements follow suit,” said Bob Bragdon, SVP/Worldwide Managing Director, CSO. “Organizations of all sizes recognize security risks and understand the fallout that can occur due to a breach, and security leaders are preparing for the worst case scenario. It’s important for technology vendors to understand what their major challenges are and provide them with appropriate tools and solutions.”
Insight into security challenges and hiring
When asked which security-related challenges were most often forcing security executives to redirect their time, respondents stated meeting governance and compliance regulations, employee awareness and training, unanticipated business risks (last year’s top challenge), preparing for or addressing risks from cyber threats originating outside the organization, and budgetary constraints and demonstrating ROI.
The security skills shortage continues to impact a large portion of organizations. Almost half (45%) of IT leaders are addressing it by asking current staff to take on more responsibilities and utilizing technologies that automate security priorities. Forty-two percent are outsourcing security functions, while 36% are increasing compensation and improving benefits. Comparing company size, half of enterprises are asking current staff to take on more responsibilities, and 37% of SMBs are doing the same.
“More regulation and compliance requirements to mitigate security risks is a positive step but is clearly creating challenges for organizations under equipped to deal with these changes,” said Bragdon. “As security leaders navigate a competitive workforce, they are also looking to their security technology partners to create more efficient and automated practices that make sense for their business and employees.”
To learn more about this year’s Security Priorities research, please download the white paper here.
About 2022 Foundry Security Priorities Study
Foundry’s 2022 Security Priorities Study was conducted among the audience of five Foundry brands (CIO, Computerworld, CSO, InfoWorld and Network World). The survey was fielded online to gain a better understanding of the various security projects organizations are focused on now and in the coming year. The research also explores the issues that will demand the most time and strategic thinking for IT and security teams, as well as the investments security executives are expecting to make. Results are based on 872 global respondents who are involved in IT and/or corporate/physical security decisions.
Foundry (an IDG, Inc. company) is a trusted and dependable editorial voice, creating quality content to generate knowledge, engagement and deep relationships with our community of the most influential technology and security decision-makers. Our premium media brands including CIO®, Computerworld®, CSO®, InfoWorld®, Macworld®, Network World®, PCWorld® and Tech Hive® engage a quality audience of the most powerful technology buyers with essential guidance on the evolving technology landscape.
Our trusted brands inform our global data intelligence platform to identify and activate purchasing intent, powering our clients’ success. Our marketing services creates custom content with marketing impact across video, mobile, social and digital. We simplify complex campaigns that fulfill marketers’ global ambitions seamlessly, with consistency that delivers quality results and wins awards. Additional information about Foundry is available at https://www.foundryco.com.