Friday, 09 October 2020 08:46

Thycotic study – what causes a board to invest in cyber security?

Thycotic, a provider of privileged access management (PAM) solutions to more than 10,000 organisations, including 25 of the Fortune 100, today released its CISO Decisions survey, an independent global study that examines what most influences the board to invest in cyber security and the impact this has on CISO decision-making.

Thycotic, in conjunction with Sapio Research, conducted a survey in August 2020 that gathered responses from 908 senior IT security decision-makers (102 in Australia) working within organisations of 500+ employees in these countries: US (22% of responses), UK (11%), Germany (11%), Australia (11%), New Zealand (11%), France (11%), Spain (11%), Malaysia (6%) and Singapore (5%). Of those, 31% claimed to be CEO/CSO/CISO/CIO, 37% were head of IT or IT director, and the remaining 32% were IT manager or security manager.

The research shows boardroom investments in cyber security are most commonly the result of an incident or fears of compliance audit failure. Because of this, the research found two thirds, or 66% of Australian respondents (58% globally) say their organisations plan to add more towards security budgets in the next 12 months.

There are positive signs that boards are stepping up with investment. Around 88% of Australian respondents (77% globally) have received boardroom investment for new security projects, either in response to a cyber incident at 59% of organisations (49% globally) or through fear of audit failure at 29% (28% globally).

Cyber threats have risen due to the work-from-home nature of the response to the COVID-19 crisis, and CISOs report that boards are listening and stepping up with increased budgets for cyber security, with the overwhelming majority in Australia, or 94% (91% globally) agreeing that the board adequately supports them with investment. Two thirds of Australian respondents (versus 58% globally) believe that in the next financial year they will have more security budget because of COVID-19.

However, CISOs have their work cut out to gain the support of boards. Around two fifths, or 41% of Australian participants' proposed investments (37% globally) were turned down because the threat was perceived as low risk. Around two in five, or 39% (37% globally) were turned down because the projects had a lack of demonstrable ROI. And 38% of Australian respondents (33% globally) believe senior management does not comprehend the scale of threats when making cyber security investment decisions, thus perpetuating the problem that many IT security officers have in "selling" to the board.

"Our study clearly shows that before CISOs can pursue technology innovation they must first educate their stakeholders about the value of cyber security," said James Legg, chief executive at Thycotic. "Securing boardroom investment requires them to strike a delicate balance between innovation and compliance."

CISOs' own approaches to buying decisions are forward looking as they try to keep up with industry developments and their sector peers. A large majority, or 74% of Australian respondents (75% globally) say they want to try out innovative new tools. However, in practice, many are guided by their industry peers, with two in five, or 40% (46% globally) benchmarking their buying decisions against other companies in their sector. This may lead CISOs to err on the side of proven, known technology rather than trying something new.

"While boards are definitely listening and stepping up with increased budget for cyber security, they tend to view any investment as a cost rather than adding business value," said Terence Jackson, CISO at Thycotic. "There are some encouraging signs, particularly in APAC where ROI is a leading factor in security investment decisions.

"However, there is still some way to go," he continued. "The fact that boards mainly approve investments after a security incident, or through fear of regulatory penalties for non-compliance, shows that cyber security investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry's ability to keep pace with the cyber criminals."


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.
