In response to the ever increasing threats of cyber-attacks, security budgets are growing across the Enterprise. But they’re not growing fast enough to sufficiently address the problem.
Two-thirds of members polled by the Institute of Information Security Professionals (IISP) said security budgets have increased, while only 15% said budgets have stayed the same. (Which leads to a few snarky questions. If 67% of organizations have increased their security budgets, and 15% have kept them the same, why in the name of Bill Gates have 18% reduced their budgets? Have they just given up?)
Anyway, only 7% report that their budgets are rising faster than their perception of the threat level, while 60% admit that budgets are lagging behind.
The report is based on answers of more than 2,500 members of the Institute, working in security across various industries, including a significant proportion at Senior/Lead/CISO level.
“Security budgets are hard won because they are about protection against future issues, so they are a good indication of the state of risk awareness in the wider business community,” said Piers Wilson, Director at IISP. “While it is good news that businesses are increasing investment, it is clear that spending on security is still not at a level that matches the changing threat landscape.”
Wilson also emphasized that businesses which find themselves only slightly behind on security efforts will see their level of protection drop over time due to escalating threats.
We sympathize with IT executives who routinely see their budgetary requests challenged and rebuffed. It is essential for organizations to understand that cybersecurity is not only an information technology problem. It is also a legal problem. It is a risk management problem. And it is a human resources problem.
The budget needed to attack the problem should be allocated across multiple functional groups. Until then, trying to fight security risks solely on already-stressed IT budgets is a strategy the criminals will continue to applaud.
When it comes to recruitment, there is still a security skills shortage, but the problem doesn’t just lie in the number of qualified professionals. Budgets are frozen. Staff size is smaller than ever with a sizeable lack of required skills and experience necessary to effectively address security threats.
Overall, the results of the IISP survey showed there are growing challenges from more sophisticated attacks, more sources of threats, a shortage of effective IT security staff, and a regulatory environment that is both fluid and challenging.
And effectively preparing your organization for a cyber attack in this shifting threat landscape requires security solutions that not only protect assets but also focus on enabling rapid remediation.
As a full-service managed security provider, SLPowers delivers advanced firewall management, 24×7 real-time security monitoring, and the most comprehensive end-user security training in the industry. We’ll show you how to make it all fit within your budget. Contact us today.
Image Source: IISP