Top outcomes organizations want from their security investments

Preventing data breaches and safeguarding remote workers are among the top security priorities and outcomes organizations want from their security investments, according to WithSecure.

WithSecure polled over 3,000 IT decision makers, IT influencers, and top management from organizations in 12 different countries about a variety of business and cybersecurity topics, including their top priorities and challenges in the near future.

Preventing data breaches was the most common technical security priority for respondents, with over a third placing it in their top five. It was the most common priority identified by respondents from Canada, Finland, Japan, the Netherlands, the UK, and the US, as well as respondents working in healthcare, IT, manufacturing, the public sector and education, and trade and commerce.

Other common priorities included ensuring protection against malware/ransomware, preventing advanced email-based threats such as phishing or business email compromise, ensuring security of cloud-based collaboration applications such as Office 365 and Salesforce, and ensuring the security of an increasingly diverse pool of devices, services, and software.

Safeguarding their remote/hybrid workforce was the most common business security outcome sought by organizations. It was the most identified outcome by survey participants from Canada, Finland, the UK, and the US, as well those working in manufacturing, public service and education, and professional services (such as media and advertising, tourism, etc.).

According to WithSecure Cyber Security Advisor Paul Brucciani, what seems to be missing from the identified priorities is the importance of security in organizations’ everyday work.

“The mundane stuff that has a real lasting impact is overlooked because it needs to be driven internally and is often very difficult. Most organizations are missing out on these factors and they aren’t among their top priorities,” said Brucciani. “Building a security culture, for example, isn’t something that can be outsourced, and it won’t happen overnight.”

While safeguarding remote workers was the most frequent business security outcome identified by respondents, creating a strong security-first culture was also in the top five. Other common outcomes highlighted by respondents included increasing the speed and effectiveness of their response to cyber security incidents, increasing their understanding of cyber security threats/risks and awareness across the organization, and securing business continuity without interruptions.

“Security permeates every facet of an organization. CISOs need to produce multiple outcomes rather than focus all of their efforts on one thing at a time,” said Brucciani. “It is a tough challenge, but with suitable planning, preparation, and assessment, organizations can use security to accomplish their strategic goals.”