While IT security decision makers often consider cyberattacks a serious concern and are allocating a significant share of their IT budget to address their cybersecurity challenges, data breaches have still been uncomfortably commonplace, an INTRUSION survey reveals.
Cybersecurity IT budget vs. breaches
Data breaches are too commonplace despite allocating significant portions of their IT budget to cybersecurity.
- Close to half explicitly dedicate 20% or more of their total IT budget to cybersecurity.
- One-third reported a data breach at their organization within the past 12 months with two-thirds of those cases involving employee personal devices (e.g., laptop, smartphone). Ultimately, 52% reported a data breach at their organization at some time in the past.
Response plans, IT staffing, solutions
Significant cyberattack concerns often remain even with formal response plans and the combination of staff and solutions being considered effective.
- 84% reported having a formal cyberattack response plan. However, among these respondents, a sizable proportion (44%) were still “Very Concerned” about cyberattacks harming their organization.
- Among those who rate both their cybersecurity team and software, services, tools, etc. as “Very Effective,” 61% were still “Very Concerned” about cyberattacks threatening their organization. When asked which – staff or solutions – was most critical for effective defense against cyberattacks at their organization, 28% favored the cybersecurity team, while 19% favored their product mix. Slightly more than half felt that both were equally important.
Inside vs. outside threats
The survey addresses internal and external threats and reveals a sentiment of false security given the occurrences of data breaches.
- Approximately 76% expressed it is probable that malware has been embedded in computer hardware/equipment manufactured abroad and sold to U.S. organizations.
- When asked if their organization has sufficient protection from outside threats to their networks and from inside threats such as call-homes, respondents answered, “yes, definitely” 47% and 58% of the time, respectively. (A “call-home” is when malware on a device tries to connect with a command-and-control server to get updates or instructions.)
Data breaches continue despite significant IT budget allocations for cybersecurity
The survey findings demonstrate that IT decision makers are struggling with the current combination of IT staffing/security solutions ability to effectively stop cyberattacks.
“If you’re in charge of IT security at any sized company, getting a good night’s sleep may be a problem. With leaders fretting over the effectiveness of their teams and technologies things could get dramatically worse as those asked to work at home during the COVID-19 pandemic make their way back to the office with all their devices.”
Continued Davis, “with 52% of IT/security decision-makers reporting a data breach at their organization sometime in the past, we feel that those at the tip of the spear for their IT security can and should feel confident that they can effectively protect their company from being tomorrow’s headline.”