In a recent post we covered the potential problem of workers and managers at organizations becoming increasing disengaged from information security efforts as major data breaches become more common occurrences and take on an air of inevitability.
Well, one group that’s apparently not becoming less engaged are the people responsible for governing IT security budgets—and that’s good news not only for corporate security efforts, but for the channel partners who can help organizations strengthen their security postures.
A host of recent industry research reports indicate that the purse strings are loosening for cyber security, in part because of high-profile data breaches experienced by companies such as Anthem, Home Depot, Sony Pictures Entertainment and Target.
For example, a study released in March 2015 by consulting and professional services firm BDO USA, which featured a survey of 100 CFOs at U.S.-based technology companies, showed that about two thirds (67%) of the financial executives have increased spending on cyber security measures during the past year.
BDO commissioned research consulting firm Market Measurement Inc. to conduct a national telephone survey of CFOs from December 2014 to January 2015, as part of its eighth annual 2015 BDO Technology Outlook Survey. Of the organizations surveyed that have made efforts to strengthen their IT security, a large majority (90%) have deployed new software security tools, the report says.
Almost three quarters of the CFOs surveyed (72%) said their organizations have created a formal response plan for security breaches, 48% have hired an external security consultant and 30% have brought on a chief security officer.
The finance executives queried by BDO are clearly concerned about online security threats that might emerge from geopolitical issues as countries prioritize their information security efforts to protect against potential U.S.-based and foreign hacker attacks.
Other research points to an upward trend in security technology spending.
CSO, in its annual State of the CSO report, reported that more than half of the 366 security executives it surveyed online in 2014 (52%) said their organization’s overall security budget would rise over the coming 12 months, compared with the previous 12 months.
A mere 5% of the companies surveyed by the security news site expected to see a decrease in spending. In the financial services industry, two thirds of the respondents (67%) expected to see an increase in spending.
Computerworld’s annual Forecast survey of IT executives also points to a rise in security spending. More than 40% of the 194 respondents said they expect their IT budgets to increase, up from 36% in the prior year’s study, and organizations were expecting to increase spending on security tools.
According to the Computerworld report, high-profile security breaches and the explosion of mobile technologies “propelled security spending to the top of the IT priority list for 2015.” Nearly half of the IT leaders who responded to the survey (46%) said they will invest more in access control, intrusion prevention, identity management, and virus and malware protection.
Finally, in a survey released in early 2015, investment bank and asset management firm Piper Jaffray Companies found that three quarters of 112 CIOs, primarily in North America, expected to increase spending on information security this year. That was up from 59% in 2014.
As the Piper Jaffray report noted, it’s clear CIOs have heightened concerns about security following the breaches that occurred in 2014, and this is reflected in the plans for increased spending. The survey showed that security was the highest spending priority for organizations across several technology categories. Network and endpoint security were the top two areas expected to see increases in spending, according to the report.
Other recent studies also reflect a rising focus—and spending—on cyber security efforts. But the data referenced above should make the point that corporate decision makers are not standing still when it comes to bolstering efforts to defend against hacker attacks and other intrusions.
If you’re a value-added reseller or managed services provider with security expertise and a solutions portfolio, there is perhaps no better time to address this obvious need to improve the security posture of client organizations.
While much of the emphasis remains on guarding the perimeter to keep out intruders, it’s important not to forget how important it is to protect the very resource cyber criminals are going after: business data. The well-publicized attacks of the past year or two showed how many records can become exposed when a large data breach occurs. Many of these records included customers’ and employees’ personal information.
Channel partners can help organizations make sure they’re investing their dollars in the right places to secure the perimeter as well as endpoints and data.