A new research report commissioned by Fortinet reveals that the job of securing business from cyber attack is getting tougher, with increased boardroom pressure adding to the challenge and complexity facing international IT Leaders…
In ourlatest global surveyof over 1,600 IT leaders in large enterprises, decision makers revealed the harsh realities of protecting their businesses against the risks they face.The findings show enterprise IT under rising pressure from the increasing frequency and complexity ofthreats, deepening big data and privacy needs and greater interference from their own senior management.
Nine in ten IT Leaders said that securing their business is noticeably more challenging than just 12 months ago, and respondents working in the financial services sector came near the top of the list for those suffering the highest levels of pressure.
Here are some of the key findings from our 2014 Fortinet Global Security Census:
- Increasing Boardroom Pressure on IT Security
High profile IT security attacks and national security scandals have been a common feature in the worldwide news reports of the last 12 months, and this is borne out in the dramatic increase in pressure, awareness and involvement in IT security matters coming from the direction of the boardroom.
Looking specifically at rising boardroom ‘pressure’, significant changes are visible across a wide range of industries.
However, it is the financial services sector where IT leaders experience some of the highest levels of boardroom pressure; over half (56%) reported high or very high levels of pressure from the board 12 months ago. This figure is up to a huge 67% today.
- Organisations Feel Prepared and Resourced for the Challenge Ahead
This boardroom influence is having a positive effect in many quarters, with our survey finding that the lion’s share of IT decision makers (ITDMs) are not only satisfied with their present resourcing and investment levels for IT security, but also optimistic about those levels increasing.
Four out of five ITDMs agreed that they had been provided with sufficient resources for IT security in the last 12 months, and a total of 83% believe they will have sufficient resources in the next.
Encouragingly, most industry sectors carried this trend, but it’s the financial services sector where ITDMs feel best equipped, with 87% agreeing theyhave sufficient resources for the year ahead.
- Opinions Differ Between IT &The Boardroom on Security Success Factors
While the research didn’t poll senior non-IT business executives themselves, it did collect IT leaders’ perceptions on the priorities of this group in terms of IT security strategy. ITDMs identified that ‘proving we are prepared to respond rapidly if/when threats get through’ is the most critical success factor both for themselves and their senior executives. However, the survey found that business leaders and the IT department disagree over the importance of ‘upholding our reputation’ as a measurement of a successful IT security strategy.
Looking more closely at respondents by industry sector, the divergence of opinion on the question of ‘reputation’ could not be starker.
Here, the highest senior executive scores were given by financial services (29%), FMCG (28%) and charities (25%). However, these ITDMs scored ‘reputation’ the lowest as regards their own security strategy priorities, with charities at 10%, financial services at 9%and FMCG at only 6%.
- Outsourcing Trends Embrace Complex Security Capabilities
Simple functions like email, AV and anti-spam – long considered for putting into a service provider’s hands – arebeing joined by more advanced functionality such as authentication, ATP Sandboxing and even DDoS mitigation. All are now considered suitable for outsourcing by a large proportion of the IT leaders polled.
Amongst industry sectors, perceptions on outsourcing aremost positive in the financial services sector. Here, respondents were more likely to agree with the suitability of managed security services than those from the public sector, for example, by 10% in each case.
So, where once the topic of IT security was technically obscure, and of only some interest to the running of a large organisation’s business operations, today we know that boardroom executives are very interested, involved and concerned about providing sufficient resources to their IT people to keep the business secure.
One emerging strategy that stands out amongst the financial services sector in particular, is the outsourcing of security capabilities to managed security service providers.
Perhaps emboldened by the adoption of many other cloud services, these ITDMs we surveyed implied a positive acceptance that many kinds of security function – included advanced level functions – were suitable for outsourcing to managed security service providers. With financial services organisations under some of the highest levels of pressure, and rising, this will be a particularly interesting trend to track in the future, with all indications pointing to its upward trajectory.
The full research report is available for download here.