InfoSec Breakdown: Latest Research Shows a Shift in Priorities

Recent reports and surveys show that organizations concentrated greater efforts toward cyber security in 2014 than they have in years past. Furthermore, cyber security has become a greater priority for IT professionals facing a variety of challenges. The following statistics are indicative of these shifts:

  • 84% of IT professionals see monitoring security events as a key area of concern.

According to a recent Protiviti study, IT decision makers are prioritizing cyber security issues more than they have in past years. On a 10 point scale, those surveyed rated monitoring security events at 7.0 (up from 6.4 in 2014). Incident response time was rated at 6.9 (up from 6.3 in 2014). While other categories such as virtualization and enterprise architecture ranked among the highest priorities, the vast majority of IT priorities listed for 2015 were directly tied to mitigating cyber risk.

  • 59% of IT decision makers indicated a desire to track and monitor third-parties, yet only 22% do so on a monthly basis.
A recent study commissioned by Forrester on behalf of BitSight Technologies reveals that IT professionals are putting in greater effort and resources on ensuring the security of third-parties and vendors. In this survey, ensuring that business partners and vendors meet security requirements ranked third on a list of IT security priorities set for the next year.
  • 69% of breaches are detected by an external entity.

In Mandiant’s 2015 M-Trends Threat Report, 31% of organizations surveyed discovered breaches internally. However, the report did show that on average, the amount of time taken to discover a breach is down from 2013.

  • The average information security budget fell 4% in 2014 to an average of $4.1 million dollars.
According to PwC’s 2015 Global Information Security Survey, 2014 was the first time in three years that security spending did not increase. However, 51% of respondents said they had purchased a cyber insurance policy.

Looking Ahead

As data breaches dominated headlines in 2014, it is not a surprise that priorities have shifted towards strengthening cyber security. While large-scale breaches will continue to emerge, it will be interesting to see if these new priorities will translate into stronger security postures.