NAVEX Global released key findings from its survey of IT security professionals in the U.S. and U.K. on the collaboration between the IT and risk management functions.
Respondents state that IT and cybersecurity risks are broadly considered part of their organization’s overall risk profile and should be addressed holistically:
- Fully 95% of respondents say their organizations include cybersecurity within their overall integrated risk management (IRM) approach.
- 91% say cybersecurity is considered a top business risk within their organization.
IT security and enterprise risk management collaborating
74% of respondents report increased collaboration between IT security and enterprise risk management over the past year. This suggests organizations recognize better coordination is required to mitigate serious cybersecurity failures.
78% say their company’s investment in cybersecurity has increased in the past year, while 82% indicated that recent data breaches have either greatly or somewhat impacted the way their organization prioritizes cybersecurity.
“The past year and a half posed new and unique risk management challenges for many organizations. Chief among them was the significant increase in remote workers. This, in combination with a general increase in external attacks such as phishing, ransomware and other breaches, makes cybersecurity a top-priority risk,” said Haywood Marsh, general manager of NAVEX Global’s IRM solutions. “This survey confirms that a successful approach to integrated risk management must also comprehend cybersecurity.”
The majority of respondents say they increased spending last year. More than 80% of enterprises that employ between 1,000 and 9,999 people increased spending on cybersecurity last year.
Among the very largest companies, those with 10,000 or more employees, 61% indicated an increase in cybersecurity spending, likely because these larger organizations already spend heavily in this area.
Respondents state that collaboration between IT/cybersecurity and the risk management functions also increased last year. Among smaller organizations, those with 1,000–4,999 employees, 75% said there was an uptick in coordination with their risk management counterparts. The number grows to 85% of respondents at companies with 5,000–9,999 employees.
Finally, organizations with 10,000 or more employees also indicated increased coordination, but the number drops to 61%. This too is likely because larger companies already recognize the benefit of this type of coordination and cooperation.
Spending trend by industry
The survey showed some variance in spending across industries. Top investors in cybersecurity last year include Science and Pharmaceutical (100%), Engineering and Manufacturing (80%), Banking and Finance (79%) and Healthcare (71%). Empirical evidence also indicates that these industries are highly targeted by threat actors.
Additionally, the survey shows investments in cybersecurity increased significantly for both U.S. and U.K. companies, 83% and 70% respectively. Similarly, collaboration between IT security/cybersecurity and enterprise risk management increased in the U.S. (78%) and in the U.K. (65%), indicating that IRM is moving to the forefront for a large majority of companies.