IDG Research: Large organisations have the budgets to hire CISOs

Over the last few years cybersecurity has gradually raised in profile, this has put increased pressure on business leaders and resulted in more and more senior security professionals getting hired (by those that can afford it).

The recent IDG Enterprise Security Priorities Survey, which profiled 694 security and information technology decision-makers showed that whilst the security challenges of SMBs and enterprises are similar, their maturity to cope is different. Perhaps not surprisingly, enterprise organisations are far more likely to have a CISO and dedicated security group in place. They are also more likely to have deployed security technologies like two-factor authentication or data loss prevention tools.

The research suggested that in organisations which lack a strategic security lead, issues are escalated to the CIO or CEO, in about equal measure. In companies which do have this function in place, this individual typically takes primary responsibility for a wide range of security issues, including insider threats, incident response, vulnerability management and security awareness training.

This represents a marked split between smaller and larger organisations. Almost half of enterprise respondents (48%) said they focus solely on IT security decisions, compared to one third (33%) of SMB respondents. The upshot of this is that employees in smaller organisations are required to wear more hats in their day-to-day work which makes it more difficult for them to strategise and plan for the long term.

These problems aren’t likely to go away anytime soon. And organisations of all sizes are dealing with the same threats and challenges. These include the potency of online attacks and phishing scams, the increasing sophistication and determination of criminal and nation-backed hackers, the necessity to align information technology and information security programs and the difficulty associated with finding and keeping qualified professionals.

One of the big takeaways from this report is that in matters of security, size and resources matter now more than ever before. This is because enterprises have greater flexibility in hiring and staffing so can hone their information security practices to encompass user education, sophisticated network monitoring and incident response. SMBs, however, are just left struggling behind.



« Advice from a CISO: We have traditionally failed at leadership


Emerging markets need to catch-up on high skill programming »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?