A report published today from Forbes Insights with BMC Software, Inc. found that new digital business initiatives and the further embracing of new technologies are challenging enterprise cybersecurity teams. The good news is that digital transformation is spreading security responsibilities beyond cybersecurity teams.
The survey, fielded in the fall of 2016, covered 308 C-level executives, VPs, and SVPs in North America and Europe. All respondents represented companies with at least $100 million in annual revenue; 26% were from companies with revenue between $1 billion and $5 billion; 24% had revenue of $5 billion or more.
One highlight from the report won’t be a surprise to DevOps.com readers, as they’ve seen firsthand for years the continued blending of development teams, operations teams, and security teams – a slim majority, 52%, of respondents indicated that accountability for security breaches has increased for operations teams.
As we’ve covered, enterprises are moving swiftly in their digital transformation efforts. The survey found that 69% of senior security and IT executives say digital transformation is forcing fundamental changes to existing cybersecurity strategies. And, of course, as always, financial and customer information, brand reputation, intellectual property, and employee information are all critical assets to protect. However, more executive leadership is waking to the dangers posed by public clouds, with 65% of respondents saying that public clouds have the biggest security implications.
According to the survey, as “digital transformation pushes IT and security leaders to reevaluate their cybersecurity strategies, it is also impacting overall enterprise spending priorities. Seventy-four percent of CIOs and CSOs say security was a higher priority in 2016 than in the previous year,” the report said. And “a decisive 82% of executives plan to invest more in security in the coming year, recognizing that company boards are more willing to increase in security investments if proposals come with solid business cases,” it said.
Here are the key report takeaways, according to the report authors:
- 69% of senior executives say digital transformation is forcing fundamental changes to security strategies
- 64% will boost spending to protect against known security threats
- 43% will make timely patching and remediation a higher priority in 2017
- 68% plan to enhance incident response capabilities in the next 12 months
- Operations teams are seeing heightened accountability for security breaches
- 72% believe line-of-business managers must take a greater role in developing security strategies
- Nearly half of enterprises will combine security and operations personnel into teams for fortifying mission-critical applications
The study concluded with the following leadership cybersecurity action plan (with more details in the report). Enterprises need to:
- Create a modern cybersecurity strategy backed by a solid business model.
- Redouble efforts to secure mission-critical assets.
- Improve organizational effectiveness by investigating new reporting structures.
- Develop an enterprise-wide culture of security.
- Shift thinking from safeguarding applications to securing the data itself.
Last year, in the story “It’s Time to Couple Security, Business Leadership,” we covered how crucial it is for executive leadership to back enterprise cybersecurity efforts, because necessary security decisions can be unpopular at times, such as slowing the release of a new service, requiring more tests, or suggesting alternative ways of doing things that may mitigate risks.
It’s good to see more enterprise executive leadership coming to the same understanding.