STUDY: 90% of Security Leaders Believe Their Organization is Falling Short in Addressing Cybersecurity Risk

According to new research from Foundry, meeting compliance regulations, the skill shortage, and external threats remain top challenges for organizations around the world

Foundry (formerly IDG Communications), the global leader in media, martech and data for the tech community, released the 2022 Security Priorities Study which looks at the security-related priorities IT and security leaders are focused on now and in the near future. In its sixth year, the study shares insights into the security structure of organizations, perceived risks, continued challenges, and investments being made to better secure organizations.

The research found that an overwhelming majority (90%) of security leaders believe their organization is falling short in addressing cybersecurity risk. Those surveyed experienced these pitfalls from different issues, such as convincing the severity of risk to all or parts of their organization (27%), and believing their organization isn’t investing enough resources to address risks (26%).

Marketing Technology News: Xperi Announces Expansion of Vewd OpX for TV Operators

Here is a closer look at the survey’s findings.

Security research and investments are shifting

According to the research, over a third (34%) of security decision makers are researching Security Orchestration, Automation, and Response (SOAR) technologies. Zero trust technology and Secure Access Service Edge (SASE) fall just behind as the second and third on their radar at 32%. Although not in the top tools being actively researched, it is worth mentioning cyber insurance as this was the first year Foundry explored the topic. Close to a quarter of organizations have cyber insurance on their radar and only 23% are not interested.

The top security solution currently in use – which Foundry classifies as piloting, in production, and upgrading/refining – is endpoint protection (specifically for laptops, desktops, servers) at 78%. Similarly, three-fourths of respondents said authentication (multifactor/strong authentication or role-based solutions are in use, followed by security education/awareness training solutions and patch management (both at 74%).

In 2022, the average annual security budget is $65 million, which is similar to last year’s overall budget. For small businesses, however, the security budget has jumped to $16 million, from $11 million last year and $5.5 million in 2020. On average, enterprises are seeing steady security budgets – $122 million this year compared to $123 million in 2021.

When asked which security technologies their organization will increase investment in over the next 12 months, respondents cited cloud-based security services (36%), cloud infrastructure management technology (35%), application development security (35%), access controls (35%), and cloud data protection (33%).

“As businesses continue to grow and scale their security efforts in tandem, it’s no surprise that the proper investments and budgetary requirements follow suit,” said Bob Bragdon, SVP/Worldwide Managing Director, CSO. “Organizations of all sizes recognize security risks and understand the fallout that can occur due to a breach, and security leaders are preparing for the worst case scenario. It’s important for technology vendors to understand what their major challenges are and provide them with appropriate tools and solutions.”

Marketing Technology News: MarTech Interview With Konrad Feldman, CEO at Quantcast

Insight into security challenges and hiring

When asked which security-related challenges were most often forcing security executives to redirect their time, respondents stated meeting governance and compliance regulations, employee awareness and training, unanticipated business risks (last year’s top challenge), preparing for or addressing risks from cyber threats originating outside the organization, and budgetary constraints and demonstrating ROI.

The security skills shortage continues to impact a large portion of organizations. Almost half (45%) of IT leaders are addressing it by asking current staff to take on more responsibilities and utilizing technologies that automate security priorities. Forty-two percent are outsourcing security functions, while 36% are increasing compensation and improving benefits. Comparing company size, half of enterprises are asking current staff to take on more responsibilities, and 37% of SMBs are doing the same.

“More regulation and compliance requirements to mitigate security risks is a positive step but is clearly creating challenges for organizations under equipped to deal with these changes,” said Bragdon. “As security leaders navigate a competitive workforce, they are also looking to their security technology partners to create more efficient and automated practices that make sense for their business and employees.”

About 2022 Foundry Security Priorities Study

Foundry’s 2022 Security Priorities Study was conducted among the audience of five Foundry brands (CIO, Computerworld, CSO, InfoWorld and Network World). The survey was fielded online to gain a better understanding of the various security projects organizations are focused on now and in the coming year. The research also explores the issues that will demand the most time and strategic thinking for IT and security teams, as well as the investments security executives are expecting to make. Results are based on 872 global respondents who are involved in IT and/or corporate/physical security decisions.