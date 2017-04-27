FRAMINGHAM, MA–(Marketwired – April 27, 2017) – IDG Enterprise — the leading enterprise technology media company, comprising CIO, Computerworld, CSO, InfoWorld, ITworld and Network World — today released the results from its 2017 Security Priorities study which provides insight into the security roles and technologies that help accelerate enterprise growth by mitigating risk. Security continues to be a top business focus, and the study sought to better understand the security projects organizations are focused on, as well as the issues that will demand the most time and strategic response from security and IT teams. Organizations are turning to their security teams to help build business strategies as digital enterprises continue to take shape and cyber threats evolve. (Click to Tweet)

Priorities of Security & IT Teams

As enterprise organizations (1,000+ employees) embrace new technologies, the importance of specialized security teams is underscored. Two-thirds of enterprise organizations have a CSO/CISO role, compared to only 24% of SMB organizations (<1,000 employees). Additionally, enterprise organizations are nearly three times more likely than SMBs to have a standalone security department versus IT and security being managed together (58% enterprise vs. 85% SMB), and that appears to translate into more mature security practices (view image). Beyond differences in organizational structure, enterprise organizations are more likely to see budget increases in the coming year. Approximately half (48%) of enterprise organizations expect an increase in their security budget compared to 34% of SMBs. These additional dollars will be allocated to a variety of technologies that organizations are actively researching:

38% behavior monitoring & analysis

37% cloud-based cybersecurity services

36% cloud access security brokers

34% data loss prevention tools

30% security intelligence services

“In order to keep up with the evolving needs of the digital enterprise, organizations are embracing more technologies, but that can expose them to more risk they are unaware of and not prepared for,” said Bob Bragdon, SVP/Publisher, CSO. “This can be compounded as organizations face a security-focused personnel gap — they can’t find qualified people to fill their openings — that’s hindering the value they can derive from security solutions and services. To keep the business functioning, security leaders are being forced to explore alternatives, including having vendors and managed service providers take responsibility for a larger part of operational security.”

Security Staff Needed

Security initiatives continue to grow, which ultimately requires additional skillsets and potentially more dedicated security employees. This is largely seen at organizations that have a standalone security department — 27% say that employee retention and hiring enough skilled workers is a challenge that takes time away from their strategic goals. In the upcoming year, nearly half (48%) of enterprise organizations plan to increase their full-time employee headcount, and 30% plan to increase outsourced security employees.

Putting It into Practice

Multiple security challenges are taking time away from security and IT executives’ strategic plans — including cyber threats from outside the organization, budgetary constraints and the need to demonstrate ROI, compliance regulations, and employee awareness and cooperation issues. However, when an organization has a standalone security department, only 22% say that cyber threats from outside the organization are a challenge, compared to 35% of organizations where IT and security are managed together. Challenges also vary by company size:

Enterprise SMB Meeting governance & compliance regulations 30% 25% Budgetary constraints/demonstrating ROI 29% 26% Cyber threats from outside the organization/APTs, DDoS 26% 37% Employee awareness and cooperation issues 24% 31% Addressing security risks in disruptive technologies prior to their implementation 23% 17%

Regardless of the structure, vendors help to play a role in securing organizational assets. To evaluate emerging technology vendors, security and IT decision-makers at enterprise organizations rely on pilot tests (67%), as well as attending events to meet with vendors and hear from peers to educate themselves (62%).

To help security leaders create a proactive security strategy aligned with the business needs, CIO and CSO have launched SecurIT, a unique event for security decision-makers to come together and share ideas and develop solutions for the security challenges that businesses face due to digital transformation. Solutions that security and IT executives are actively researching and increasing their budget for today align very closely with the SecurIT agenda topics:

Threat protection/preventing breaches

Social engineering

Managing regulation and compliance

Managing the IT/security relationship

Managing third-party risk or skills alignment

“Security is a business issue, and this research amplifies the fact that collaboration between security, IT and business executives is necessary to create and implement a comprehensive security posture,” said Adam Dennison SVP/general manager, IDG Events & publisher, CIO. “We are excited to host SecurIT to facilitate and encourage this important conversation between stakeholders. This one day event will bring security practitioners and vendors together to discuss solutions for elevating security practices, which is exactly what is needed in this time of transformation.”

About 2017 IDG Enterprise Security Priorities Study

IDG Enterprise’s 2017 Security Priorities Research was conducted among the audiences of six IDG Enterprise brands (CIO, Computerworld, CSO, InfoWorld, ITworld and Network World). The survey was fielded online with the objective of understanding the various security projects organizations are focused on now and in the coming year. It also looks at the security functions organizations have in place and the issues that will demand the most time and strategic thinking from IT and security teams. Results are based on 694 respondents who are involved in IT and/or corporate/physical security decisions.

