An IDC study for Devoteam, specializing in consulting in innovative technologies and management, reveals that a wall of misunderstandings persists between Security decision makers and Business and IT decision makers. Many still perceive security as a budgetary constraint.
Conducted before the Covid-19 pandemic in Europe and the Middle East on the theme of “A plan for the transformation of security”, this survey confirms the gap between, on the one hand, the discourse on the need to protect its information heritage and on the other hand the prioritization of decisions.
Although most organizations agree on the benefits of “by design” security, in reality, few have actually put it into practice. When it comes to new projects and initiatives, security remains an afterthought for more than a third of organizations.
Admittedly, the professionals interviewed are almost unanimous on the main objectives of digital transformation, namely that it allows to take advantage of the opportunities offered by new technologies in terms of innovation, reinvention and optimization of processes, and d improvement of customer and user experiences.
Each family of decision-makers assigns it a different priority. 58.28% of Business decision-makers expect better involvement of the business lines. For 61.97% of IT decision-makers, system integration is the overriding objective.
Where to place the cursor
Finally, logically, for Security decision-makers, it is information security that is expected above all (for 65.28% of them).
As a result, competing priorities become an obstacle to the successful transformation of the business. Regulatory compliance and realignment of activity on digital channels are among the priorities placed in 2nd or 3rd position by all decision-makers.
In reality, this study points to the complexity for organizations to find where to place the cursor. Budget constraints are permanent obstacles to improving security in organizations.
Almost half (47.09%) of decision makers, all functions combined, put the budget in pole position of the brakes, ahead of the lack of skills (40.93%) and the fragmentation and lack of integration of security solutions ( 39.93%).
Each category of decision-makers has its own priorities. For Business decision-makers, the main obstacles to improving safety in companies are: 1. budgetary constraints (52.98%), 2. lack of skills (43.71%), 3. difficulty in arbitrating between security and business priorities (41.72%).
Fragmentation of security solutions
For the Security functions, budgetary constraints are indeed the main obstacle (50.93%). They rank second and third, respectively, the fragmentation and lack of integration of security solutions (43.2%) and the lack of skills (39.81%).
Finally, for IT decision-makers, budget constraints (39.74%) come after the fragmentation and lack of integration of security solutions and the lack of skills which rank equally (40.17%).
These figures demonstrate how finding the balance between security and achieving operational efficiency is a difficult challenge for most organizations.
The survey also reveals that if 92.2% of organizations take risk analysis into account when guiding investment decisions – and if 81.4% of them believe that their approach to cybersecurity is already aligned with a risk management policy; only 26% of organizations take cybersecurity into account when planning any new business initiative.
Security “by design” is far from being a generalized attitude …Source: Devoteam