Readers haven’t got the money to close every security gap – but prioritisation is keeping most of the bad guys out, our research reveals
TechWeekEurope readers’ IT security budgets are healthier than their overall IT spending, but you still don’t feel as though you have enough to keep threats at bay, according to research we have carried out before a meeting of our Tech Club in London this evening.
According to our survey, which includes responses from around 40 IT professionals, security budgets are static or going up at 88 percent of our readers’ organisations, but more than half of you still feel they don’t have enough money at your disposal.
Firewall is top priority
This is despite firms apparently keeping security funding steady even when overall IT budgets are declining. Nearly 18 percent of you have a declining IT budget, but only 12 percent have a security budget that is going down.
However, since 55 percent said their security budget doesn’t cover all the threats they need to cover, it’s clear that our readers are having to prioritise the security measures they apply, according to an assessment of the risks involved.
The first priority security measure is – as one might expect – the firewall, which has traditionally separated the organisation’s IT from the outside world. Nearly half (46 percent) of readers put that first.
However, the arrival of cloud technologies and mobile devices make these boundaries hard to define, and organisations have to rely on their staff behaving intelligently – so nearly a quarter (24 percent) put education first. Antivirus was the most popular second choice and the second most popular security measure overall. Password management placed fourth after education – and was the most popular third choice as well.
Given that not all risks are being covered, it’s no surprise to find that a significant number of readers have been breached in the past year. As security experts often tell us, insider attacks (or errors) are a bigger source of danger than external attacks. Insider attacks have hit 28 percent of you, according to our answers, and external attacks succeeded at 22 percent of you.
Perhaps that’s not such a bad result, given that you know you aren’t covering every chink in your armour. It would be a lot worse if you weren’t so good with your risk assessment. A disappointing 14 percent of the sample never do a risk assessment, but more than 80 percent of you do them at least once a year.
You can still contribute to our Technology on a Shoestring survey. We will publish updated results when we have a bigger sample.
Are you a security expert? Try our quiz!