IDG Research: Large organisations have the budgets to hire CISOs

Oct 03, 2017

IDG Research looks at this year’s IT security priorities

Over the last few years, cybersecurity has gradually risen in profile. This has put increased pressure on business leaders and resulted in more and more senior security professionals getting hired (by those that can afford it).

The recent IDG Enterprise Security Priorities Survey, which profiled 694 security and information technology decision-makers, showed that whilst the security challenges of SMBs and enterprises are similar, their maturity to cope is different. Perhaps not surprisingly, enterprise organisations are far more likely to have a CISO and dedicated security group in place. They are also more likely to have deployed security technologies like two-factor authentication or data loss prevention tools.

The research suggested that in organisations which lack a strategic security lead, issues are escalated to the CIO or CEO, in about equal measure. In companies which do have this function in place, this individual typically takes primary responsibility for a wide range of security issues, including insider threats, incident response, vulnerability management and security awareness training.

This represents a marked split between smaller and larger organisations. Almost half of enterprise respondents (48%) said they focus solely on IT security decisions, compared to one third (33%) of SMB respondents. The upshot of this is that employees in smaller organisations are required to wear more hats in their day-to-day work, which makes it more difficult for them to strategise and plan for the long term.

These problems aren’t likely to go away anytime soon. And organisations of all sizes are dealing with the same threats and challenges. These include the potency of online attacks and phishing scams, the increasing sophistication and determination of criminal and nation-backed hackers, the necessity to align information technology and information security programs and the difficulty associated with finding and keeping qualified professionals.

One of the big takeaways from this report is that in matters of security, size and resources matter now more than ever before. This is because enterprises have greater flexibility in hiring and staffing, and so can hone their information security practices to encompass user education, sophisticated network monitoring and incident response. SMBs, however, are just left struggling behind.