Security Spending Up, But Adoption of Cutting-edge Tools is Slow
October 11, 2019
Mo Moin (2461 articles)

Security Spending Up, But Adoption of Cutting-edge Tools is Slow

Security spending is expected to increase over the next 12 months at fully half of organizations, but questions linger as to whether that money is being targeted at the right problem and whether IT organizations are keeping up with latest techniques and countermeasures.

That’s the key takeaway from the IDG Security Priorities Study 2019, which surveyed 528 security-focused professionals worldwide who are involved in IT and security decisions in their organizations.

It’s clearly a positive sign when 50 percent of respondents say their security budgets are expected to increase, 46 percent expect their budgets to remain flat and only 4 percent anticipate a decrease. One interesting trend is that the mix of spending seems to be shifting from capital expenditures to operational expenses as companies increasingly turn to “as-a-service” options for security tools.

But it is somewhat troubling that in the face of an increasingly dynamic threatscape and all of the well-publicized data breaches, survey respondents said that the biggest factors that determine the priority of security spending at their organizations are implementing rigid best practices frameworks and checking off compliance mandates.

Addressing actual security breaches that occurred at the company or security incidents that happened to business partners was well down on the spending priority list. Survey respondents noted that having to focus on compliance mandates distracted them from executing more strategic security plans. “No matter how many times security pros say ‘compliance isn’t security,’ there are auditors and regulators who think it is,” said Peter Lindstrom, vice-president of security strategies at IDC.

Who’s in charge of security?
More than two-thirds of organizations have a Chief Security Officer (CSO), Chief Information Security Officer (CISO) or other designed security leader, but 31 percent of organizations lack a designated security executive. Of those leaders, 31% report to the CIO, while 29 percent report to either the CEO or Board of Directors.

Breakout data indicates that large enterprises are more likely to have a top security executive than small or mid-market companies.

This post Security Spending Up, But Adoption of Cutting-edge Tools is Slow originally appeared on CSO Online.

Read More