Money, Skills, And Hired Guns: 2014 Strategic Security Survey - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // Big Data Analytics
09:36 AM
Connect Directly

Money, Skills, And Hired Guns: 2014 Strategic Security Survey

Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?

Download the new issue of InformationWeek Tech Digest, distributed in an all-digital format (registration required).

Enterprises outsource everything from server hosting to application development. Why not security? Look for this year to mark the start of a new era in information security, where organizations that can afford to build sophisticated analysis teams do so, and those that can't hire specialized providers.

It's not that information security pros feel their efforts are falling short. Just 16% of the 536 respondents to our 2014 Strategic Security Survey say their organizations are more vulnerable to attacks than they were a year ago. The problem is that the status quo isn't acceptable: 23% of respondents admit to a known security breach or espionage in the past year, ticking up two points from 2013.

Winston Churchill once said, "If you're going through hell, keep going." Good advice, but hard to follow when every piece of malware or end-user mouse click could launch the breach that ends your business, and your job. IT security is not a needle-in-a-haystack problem. It's a needle-in-a-needle-stack problem. Thousands of attacks come at you each day. How do you keep up, much less allot a few hours to think about defensive technologies or how to explain the latest zero-day advanced persistent threat to executives who, even after a breach brought down Target CEO Gregg Steinhafel, still spend on security only grudgingly?

Money, Skills, And Hired Guns
Among respondents who feel they're more vulnerable this year, 40% cite budget constraints as a contributing factor -- up a notable 10 points from 2013. But bigger problems for these shops are the increased sophistication of threats (77%) and that there are more ways than ever to attack a corporate network (66%). Among all survey respondents, only 5% are cutting IT security spending, compared with 37% increasing and 47% staying the same. Clearly, the issue isn't just, or even mostly, about cash to spend on technology. It's about finding the right people, advanced attackers, and a warped way of measuring success.

Our survey shows that even in 2014, with record breaches and threats, the top way organizations measure the value of their security investments is by whether they pass a third-party audit. So in other words, it's still only a need to check the boxes driving security investment.

But before we all bash executives, let's look at it from their point of view because frankly, investing significant money in security is no guarantee of good results.

First off, your typical enterprise security team is its own worst enemy. "The biggest area of concern isn't security itself, it is the balance between security and the ability to allow for business to continue," says one respondent. "We sometimes add in too much security, which hinders the business from operating, and vice versa, which creates major security risks."

If you cause a business slowdown when implementing a security control, you take one step forward and three back in executives' minds.

Given a low perceived return on investment, many executives see a binary decision: Build the minimum viable security practice as cheaply as possible internally, or outsource.

Rread the rest of this story in the new issue of
InformationWeek Tech Digest.


Michael A. Davis has been privileged to help shape and educate the globalcommunity on the evolution of IT security. His portfolio of clients includes international corporations such as AT&T, Sears, and Exelon as well as the U.S. Department of Defense. Davis's early embrace of ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
5/12/2014 | 3:28:39 PM
Re: Surprises
Hmmm ... an interesting prospect, Michael. I just worry about adding another layer/tunnel for data. How do you reconcile the propensity for folks to sidestep extra layers? Or for the problems stemming from extra connections (read: Target HVAC guy)?
User Rank: Author
5/12/2014 | 1:09:42 PM
Mike, you have a long-term perspective on security spending and staffing. What if anything surprised you in this year's data?
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll