Cybersecurity is a subject of disagreement within the company, seen as a necessary cost with no value, according to a study carried out for Devoteam.
Like digital transformation, cybersecurity is not perceived in the same way by the different professions in the company. But, unlike the former, the latter is too often seen as a net cost, of no value to the business, even if it is a necessary cost. As a result, security can be more easily sacrificed on the budgetary altar. These differences in appreciation are highlighted in a study carried out for Devoteam.
Even for digital transformation, the differences in priorities are clear: better involvement of the business lines for 58.28% of business decision-makers, systems integration for 61.97% of IT decision-makers and information security for 65.28% of security decision-makers. On the security side, the combination of all the responses places budgetary constraints at the top of the difficulties for improving security in organizations, ahead of the lack of skills (40.93%) and the lack of integration of security solutions (39.93%). But this average hides a clear disparity.
The budget is not the only constraint
Thus, business decision-makers put budget constraints first (52.98%), ahead of the lack of skills (43.71%) and the difficulty in arbitrating between security and business priorities (41.72%). For security decision-makers, budget constraints remain at the top (50.93%), but ahead of the fragmentation and lack of integration of security solutions (43.2%) and the lack of skills (39.81%). Finally, IT decision-makers consider the lack of integration of security solutions and the lack of skills (40.17%, tied) as the main obstacles, far ahead of budgetary constraints (39.74%).
To define security priorities, 92.2% of organizations take into account a risk analysis and 81.4% consider their cybersecurity policy fully aligned with risk management. And to ensure that a system is well secured and that security measures do not hamper production, the “security by design” approach is the obvious choice. In theory. Yet this approach is generalized in only 13% of organizations, even if 49.78% adopt it on an ad hoc basis. And only 26% of organizations take cybersecurity into account when planning any new business initiative. So there is still a long way to go to ensure that cybersecurity is a shared priority.