Cyber security is not a top priority

Fortinet has published the survey results of its "Global Enterprise Security Survey" on the global security situation in companies. They show that, despite spectacular cyber attacks, almost half of all IT decision-makers in companies with more than 250 employees worldwide are convinced that senior management does not give enough priority or attention to cyber security. At the same time, however, many IT experts expect the issue of security to become more important as a result of the shift to the cloud as part of the company's digital transformation.

Franz Kaiser of Fortinet says: "Over the years, we have noticed that companies are increasingly investing in cyber security and more and more senior managers are considering it as part of their overall IT strategy. With the digital transformation in enterprises and the adoption of technologies such as the cloud, cyber security has long since become a strategic business decision rather than just an IT investment. In today's digital economy, I expect that security will become a high priority for more and more corporate executives in their fundamental approach to risk. Such a strategy should better position companies to successfully master digital transformation."

 Most important results of the survey

Cyber security is not a top management priority: 48% of IT decision makers are convinced that IT security is still not a top priority for senior management. However, this is not reflected in budgets: 61% of organizations reported spending over 10% of their IT budget on security, which is considered a high investment. 71% of respondents said their IT security budget had increased from the previous year. Meanwhile, IT decision makers firmly believe that cyber security should be given high priority by senior management. At the same time, 77% of respondents wanted senior management to examine IT security more closely.

Main reasons why cyber security is becoming a top priority

Increase in security breaches and global cyber attacks: In the last two years, 85% of the companies surveyed experienced security breaches. The most common attack vectors were malware and ransomware: 47% of respondents said they had already experienced such an attack.

49 % of IT decision makers reported an increased focus on IT security following global cyber attacks such as WannaCry. Due to the scale and nature of global cyber attacks, business leaders are increasingly concerned with security. As a result, security is no longer just an issue for the IT department.

Stronger legislative pressure: Another main reason cited by 34% of respondents for growing security awareness at the top level was increasing regulation. In view of high fines - e.g. for breaches of the upcoming European General Data Protection Regulation (GDPR) - the bottom line is at stake, which means that security is now also certain to attract boardroom interest.

Shift to the cloud affects security priorities: As a result of the integration of the cloud as part of the digital transformation in the company, 74% of the IT decision-makers assume that cloud security will become a higher priority. 77% of respondents are convinced that cloud security - together with corresponding investments in security - is becoming an increasingly high priority for the board. As a result, half of respondents (50%) plan to invest in cloud security within the next twelve months.

Survey Method: The Fortinet Global Enterprise Security Survey 2017 was conducted on behalf of Fortinet by independent market research firm Loudhouse in July and August 2017 to examine the changing attitudes of enterprises towards security issues. The global survey polled IT decision makers with responsibility over or insight into IT security. A total of 1801 respondents from 16 countries (US, Canada, France, UK, Germany, Spain, Italy, Middle East, South Africa, Poland, Korea, Australia, Singapore, India, Hong Kong and Indonesia) anonymously participated in the survey. Respondents who completed the online questionnaire were unaware of the purpose of the study or its sponsor.

Source: Fortinet