IT security 2016: Everyone cares. But then?
All companies have IT security in their sights, at least when they are asked directly about it. But is this followed up by action? And are companies focusing on the right activities?
IT company Red Hat sought answers to the above questions with a survey of 426 IT decision makers worldwide. The results can be divided into three areas, according to the IT provider.
1. few "new" IT providers care about security hygiene
It sounds a bit harsh, but with the advent of the Internet of Things (IoT), security is not a top priority for most newly connectable devices. That's not surprising: sensor manufacturers, for example, are focused on building better sensors, not more secure sensors. For companies, however, this is of great importance.
Only 14% of respondents were concerned about unpatched or unpatchable systems, focusing instead on the risks posed by external data protection incidents (32%) or poor user security behavior (36%). Both issues are important, however, effective security starts with good "hygiene," i.e., regularly patching systems and software to prevent such incidents. On the positive side, two-thirds (67%) of respondents said they patch their systems monthly or at even shorter intervals, thereby reducing the window of opportunity for attack created by known vulnerabilities.
2. trust is more important than sales
When asked what the biggest security-related consequences could be in their company, almost half of the respondents (47%) pointed not to a drop in sales, damage to their image or loss of assets, but solely to the possible loss of customer trust. This represents an interesting twist in the security world: While it remains important to protect customer data, customer confidence that companies are protecting their data is equally significant.
Well-known data protection incidents in the last twelve to 18 months have shown how fragile and volatile this trust can be. It is therefore interesting to observe how companies place a higher value on trust than on assets or revenue.
3. achieve more with less
Ultimately, and this will surprise no one: Despite all the security incidents that have come to light, the new vulnerabilities, and the many statements from executives about the importance of IT security - the budget remains the same. 81% of respondents expected the budget to remain flat, or at best, increase slightly; 61% emphasized that IT security represents 15% or less of their company's total IT budget.
IT security therefore remains one of the most important topics in companies. Unfortunately, despite all the emerging new threats, the money is simply not there to properly defend against them with training, new tools and more staff. The general trend in corporate IT to do more and more with the same budgets is to the detriment of the entire infrastructure, including security.
Detailed results of the study are available here
