Cybersecurity, an issue once relegated to the IT department, is increasingly acknowledged as a whole-of-organization responsibility. A new report revealed that business executives are devoting more spending to technology and innovative approaches for managing cyber threats.
The Global State of Information Security® Survey 2017, released October 5 by PricewaterhouseCoopers (PwC) in conjunction with CIO and CSO, stated that organizations are gradually overcoming the attitude that cybersecurity is just an IT cost, with 59 percent of respondents stating they have increased cybersecurity spending as a result of the digitization of their business.
“There is a distinct transformation in how business leaders are viewing cybersecurity and technology – no longer seeing technology as a threat and understanding that cybersecurity is a vital component that must be adopted into the business framework,” said David Burg, PwC’s US and Global Leader, Cybersecurity and Privacy. “To remain competitive, organizations today must make a budgetary commitment to the integration of cybersecurity with digitization from the outset.”
In addition, organizations are increasingly leveraging cloud models. According to the report, 63 percent of survey respondents said their organization runs IT operations in the cloud. Even large financial services firms are beginning to trust the cloud with their sensitive information.
“The fusion of advanced technologies with cloud architectures can empower organizations to quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs,” added Burg. “Cloud models have become more popular in recent years, and that trend will likely only continue as the benefits become increasingly clear.”
Tights budgets and the cybersecurity workforce gap have led many organizations to turn to managed security services to operate their cybersecurity programs, with 62 percent of respondents indicating that their organization using a security service provider. The cybersecurity professional shortage is likely to continue to drive organizations to turn to third parties to run their security programs.
The report’s key findings also include:
- Employee training is a top priority for data privacy;
- Many businesses are moving beyond passwords to advanced authentication methods to improve security;
- Phishing is a top threat, with 43 percent of large organizations reporting phishing incidents; and
- Organizations are increasing cybersecurity safeguards and adopting a security strategy in response to the growth of the Internet of Things.
“Designing and implementing a cybersecurity and privacy program is challenging enough, but once a program is in place components must be thoroughly integrated, professionally managed and continuously improved. As this can be difficult for resource-constrained organizations, many are adopting managed security services and utilizing open-source software,” said Bob Bragdon, SVP/publisher of CSO.