IT Security: Concerns, budgets, trends and plans (TechRepublic Premium)
This archived TechRepublic Premium report, originally published in November 2013, is available for free to registered TechRepublic members. For all the latest research reports, 100+ ready-made policies, IT job descriptions, and more, check out TechRepublic Premium.
From the report:
Security is always a concern for IT professionals, so in October, TechRepublic Premium launched an online survey to ask about security concerns, budgets, trends and future plans.
There were 244 respondents from around the globe and from organizations of all sizes.
In particular, we asked about security concerns in 2013 and how they might differ in 2014.
Some things to note include that about two-thirds of the respondents said they are more concerned now with security, after media news reports of breaches and leaks. However, only large organizations with more than 1,000 employees are planning to improve IT security controls. Smaller companies are lagging behind in implementation of IT security controls.
Budgets were another hot subject. Small and medium-size businesses are either keeping the same budget next year or they are increasing it. Meanwhile, more large organizations are decreasing their security budget next year. The survey shows that security management outsourcing and maturing security programs are the likely reasons for this decrease.
One of the top concerns for businesses in 2014 will be Bring Your Own Device (BYOD). Lack of employee awareness in regard to social engineering attacks was the number one concern in 2013 but moved to second place for 2014, with BYOD taking the top slot.
Projects slated for next year indicate a continuing shift from security best practice management to information assurance management. The survey showed that 50 percent of respondents were focused on improving risk management processes in 2014, linking information resource protection to business objectives. This tends to move perspective from implementing best practices to designing security frameworks best suited for strategic and operational business plans.