IDGâs fourth annual Security Priorities study aims to gain a better understanding of the various security projects organizations are focused on now and in the coming year.
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Â
IDG 2020 Security Priorities Research
1. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
IDG COMMUNICATIONS, INC.
QUALITY
MATTERS
IDG Security Priorities Study
2020
2. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
78%
8%
4%
7%
3%
Purpose and Methodology
Source: IDG Security Priorities Study, 2020
To gain a better understanding of the various security projects organizations are focused on now and in
the coming year. The research also looks at the issues that will demand the most time and strategic
thinking for IT and security teams, with some questions specific to the COVID-19 pandemic.SURVEY GOAL
AUDIENCE BASE
CIO, Computerworld, CSO, InfoWorld,
and Network World site visitors, and email
invitations to audience base.
NUMBER OF
QUESTIONS 34
COLLECTION METHOD
Online questionnaire
522
IT LEADERSHIP
All survey respondents are involved
in IT and/or corporate/physical
security decisions.
Business Mgmt
Technology
19%
Manufacturing 14%
Financial Services 12%
Services (legal, consulting, real estate) 11%
Healthcare 9%
Government/Non-profit 8%
Education 5%
Retail, Wholesale and Distribution 5%
JOB TITLES
TOTAL RESPONDENTS
TOPREPRESENTEDINDUSTRIES
AVERAGE
COMPANY SIZE
12,661
EMPLOYEES
ExecIT/
Security
IT/Security
Pro
IT/
Security
Mgmt.
Other
2
REGION
North America â 73%
APAC â 21%
EMEA â 6%
3. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
2%
7%
12%
13%
15%
15%
16%
16%
16%
17%
17%
21%
23%
24%
27%
28%
28%
29%
37%
Responding to inquiries from senior mgmt and/or the Board
Addressing issues that arise with security vendor(s)
Cyber threats from inside the organization Insider threats
Addressing security risks associated with disruptive tech
Managing security/addressing risks around mobile devices
Addressing issues that arise with technology (non-security) vendor(s)
Employee retention/hiring skilled & qualified workers
Institutional silos (little to no collaboration to address threats)
Gaining cooperation/buy-in from business leaders/stakeholders
Acceleration of digital transformation initiatives
Security of business operations and/or data hosted in the cloud
Ensuring customer privacy/confidentiality
IT Audit
Shadow IT (IT is not always aware when new tools are implemented)
Cyber threats from outside the organization APTs, DDoS
Meeting governance & compliance regulations
Budgetary constraints/demonstrating ROI
Employee awareness and training issues
Unexpected/underexpected business risks (pandemic, workforce changes, etc.)
Strategic Time Redirected Due to Pandemic
3
Q. What security-related challenges are most often forcing you to redirect your time and focus away from more strategic tasks?
Source: IDG Security Priorities Study, 2020
#1 in 2019
#2 in 2019
#3 in 2019
4. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
Falling Short in Resources & Strategy
4
Q. In which areas, if any, do you feel your organization is falling short in addressing cyber risk?
Source: IDG Security Priorities Study, 2020
11%
12%
16%
18%
18%
19%
20%
20%
26%
27%
28%
30%
31%
Lack of security during due diligence phase of M&A
Non-routine updates of incident response plan
Lack of security team involvement in vendor and 3rd party management
The complexity of our security environment makes it difficult to retrieve timely,
actionable intelligence from our systems
Poor visibility into IT environment
Lack of security team involvement prior to implementing new technologies
Addressing risks that have arisen from the new work environment brought on by
the pandemic
We struggle to find, acquire, and/or retain the technical or professional expertise
we need
Insufficient communications between security team and lines of business
Inadequate security training for users (full and part-time employees,
contractors, or outsourced users)
We are not proactive enough when it comes to our security strategy
Security is not always addressed during application development
We are not investing enough resource (budget, people, technologies, etc.) to
address our risks
87%
believe their
organization is
falling short
addressing
cyber risks
5. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
Despite Pandemic, Security Budgets Grow
5
Q. Will your overall security budget increase, decrease or remain the same in the next 12 months compared to the past 12 months? AND Q. Please estimate your entire organizationâs
total annual budget for all information security products, systems, services and/or staff (including both CAPEX and OPEX) in the next 12 months.
Source: IDG Security Priorities Study, 2020
Expected Change in Budgets:
41%
6%
53%
Increase
Remain
the same
Decrease
Average annual
security budget:
$72.7M
Enterprise: $136M
SMB: $5.5M
Up from
$51.8M
in 2019
6. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
Allocation of Security Budgets
6
Q. With the total equal to 100%, approximately what percent of your annual budget for IT security will be allocated to the following areas over the next 12 months?
Source: IDG Security Priorities Study, 2020
23%
19%
17%
12%
8%
7%
6%
5%
3%
Skilled staff On-premises
Infrastructure and
equipment
(hardware)
On-premises
Tools and
software
(software)
Cloud-based
security solutions
Consulting
services
Cloud-based
security
monitoring
services
Contracted
evaluation
services
External incident
response services
Other (travel,
conferences,
etc.)
7. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
Increasing Spend on Authentication & Cloud
Data Protection
7
Q: Please describe how your companyâs level of spending in the following areas will change over the next 12 months.
Source: IDG Security Priorities Study, 2020
20%
20%
20%
20%
20%
21%
22%
22%
22%
24%
25%
27%
27%
28%
32%
71%
49%
60%
71%
44%
45%
51%
63%
65%
64%
62%
62%
46%
49%
57%
6%
5%
5%
5%
3%
5%
5%
5%
4%
4%
5%
5%
5%
4%
3%
1%
12%
6%
2%
14%
9%
7%
4%
3%
4%
2%
2%
8%
6%
4%
2%
15%
9%
2%
20%
19%
15%
6%
6%
5%
6%
5%
13%
13%
5%
Anti-virus/malware
Container security
Data Loss Prevention (DLP)
Firewalls
Zero trust technologies
Cloud access security brokers (CASBs)
Behavior monitoring & analysis
Endpoint detection and response
Identity management systems
Security education/Awareness training
Application monitoring
Access controls (network, data)
Cloud-based cybersecurity services
Cloud data protection
Authentication (multi-factor/strong authentication, role-based)
Increase Remain the same Decrease This is a new category for our organization Potential new investment area in the future
8. I D G C O M M U N I C A T I O N S , I N C .
Q U A L I T Y
M A T T E R S
8
Continue the Conversation
To get results from IDG research when it happens, or any
other news, follow us on Twitter: @IDGWorld
ADDITIONAL WAYS TO STAY ON TOP OF INFORMATION FROM IDG :
Sign up to receive our monthly marketing
newsletter at www.idg.com/newsletters/
Visit us on LinkedIn here:
www.linkedin.com/company/international-data-group--idg-
To receive a briefing on the full results from this study, or for more information, please
contact your IDG sales executive or contact us.
For more information on content marketing and lead nurture, explore our resources on
this site under marketing tools. We have additional primary research, blogs and white
papers to make you smarter about tech decision makers, and targeted products and
programs to help you reach them!