80% of senior IT leaders see cybersecurity protection deficits

A lack of confidence in companies’ defenses is prompting 91% of organizations to boost 2021 budgets, according to a new IDG/Insight Enterprises study.

Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges, according to a new IDG survey commissioned by Insight Enterprises.

That high level of concern over the ability to withstand cyber threats in today’s complex IT environment is causing 91% of organizations to increase their cybersecurity budgets in 2021, nearly matching the 96% that boosted IT security spending in 2020, according to the survey by Insight’s Cloud + Data Center Transformation team.

The survey examined the impact of the distributed IT landscape and pandemic-related transition to a remote workforce on IT security, including shifts in modernization priorities, projects undertaken in 2020 and major obstacles faced in strengthening cybersecurity defenses.

At a high level, the survey found that 78% of respondents lack confidence in their company’s IT security posture and believe improvements are needed. Respondents expressed the least confidence in their organization’s security roadmap (32%), security-related technology and tools (30%) and internal teams and skill sets (27%), according to the report.

Respondents reported the highest level of trust in their company’s data management strategy, but even then, less than half (45%) voiced confidence in this aspect of security operations, the report said.

One silver lining is that cybersecurity is being integrated into multiple aspects of the business, indicating rising recognition of the risk that a cyberattack poses to company operations, the report said. Fully 100% of survey respondents reported that their boards and executive teams are more focused on their organization’s security posture than in the past, Insight said.

In addition, 68% initiated projects to integrate incident response into companywide business continuity plans, 61% are integrating cybersecurity into infrastructure and DevOps decisions and 59% are incorporating IT security into broader business operations decisions to better combat cyber threats.

Other notable findings:

Companies shifted cybersecurity modernization priorities in 2020 in response to the immediate challenges presented by the pandemic, accelerating an average of five to six initiatives to protect the increasingly distributed IT environment and securely connect a remote workforce with the data needed to keep businesses running.Most companies pursued multiple projects in categories including threat visibility/identification (73%), incident response (70%), network security (68%), endpoint security (67%), application security (67%), malware protection (64%) and identity and access management (55%).

Most complex, long-range security projects took a back seat to block-and-tackle activities such as anti-malware/antivirus upgrades, multifactor authentication and firewall-as-a-service deployments. As a result, relatively few organizations initiated or executed projects in critical areas like identity governance, zero trust, data analytics, AI/machine learning and SASE implementations.

Key challenges to strengthening security postures

The survey found that 55% of respondents ranked lack of automation as the No. 1 challenge in security operations and management, reflecting their inability to manually analyze and respond to the flood of notifications and events generated by an increasingly complex security infrastructure.

The problem is exacerbated by factors including the disparate tool sets involved, outdated technology lacking the APIs to support automation and the time and advanced skill sets required to implement automated processes, according to Insight.

Further, only 27% of respondents expanded security staff in 2020. This was down slightly from 30% in 2019 and leaves IT teams stretched very thin and without many of the specialists required to execute the wide range of tasks necessitated by the year’s evolving threatscape, Insight said. The survey found that 41% plan to begin or resume staff expansion this year.

Another finding was that just 57% said they conducted a data security risk assessment in 2020 despite the need to reevaluate their security posture in the face of new threats associated with the pandemic. Limited manpower and resources as IT teams addressed emergency security measures likely prevented this critical step in aligning security priorities with current conditions, Insight said.

“Entering 2020, organizations were in the midst of addressing security challenges associated with the increasingly distributed IT landscape spanning cloud, edge and on-premises environments. These challenges greatly intensified with the rapid work-from-home expansion brought on by the pandemic,” said Shawn O’Grady, senior vice president and general manager, Cloud + Data Center Transformation, at Insight, in a statement.

O’Grady said the survey indicates organizations have made strides to address gaps and integrate cybersecurity into business, operational and IT infrastructure decisions, but a lot of work still needs to be done. “Bolstering security postures is a complex and continual effort,” he added.

Respondents included more than 200 C-level IT and IT security executives in organizations with an average of 21,300 employees across a wide range of industries, Insight said.