Information Security Trends
User Behavior is the Top Security Pain Point

 


About This Report: A February 2017 survey of 451 Alliance IT security professionals (n=539) focused on key information security trends, including overall spending, pain points and concerns, as well as a closer look at security budgets.

 

90-Day Spending. A total of 48% of respondents say their organization’s information security spending will increase over the next 90 days – up three points from the previous survey in November 2016. Only 3.6% say spending will decrease, a slight improvement from the previous survey.

Top Pain Point. Respondents were asked to select the top security pain points, and User Behavior (28%) topped the list followed by Lack of Budget (22%) and Malicious Software (21%).

Inadequately Addressed Security Threats. The internal problem of Preventing/Detecting Insider Espionage (26%) and the external threat from Hackers/Crackers with Malicious Intent (26%) top the list. Compliance (15%) and Cyber-warfare (14%) are second and third.

2017 Budget. On average, the total information security budget is expected to change 21% in 2017 compared to 2016. A closer look by company size shows that for companies with 250-999 employees that average is higher, at 30%, and for very large organizations it is lower, at only 14%.

By Tracy Corbo

Information Security Spending Trends

90-Day Spending. A total of 48% of respondents say their organization’s information security spending will increase over the next 90 days – up three points from the previous survey in November 2016. Only 3.6% say spending will decrease, a slight improvement from the previous survey.

12-Month Spending Trends. IT security spending plans over the next 12 months, compared to the previous year, indicate that spending remains strong: 67% of respondents expect a spending increase, although that is down 4 points from 71% in the previous survey.

Only 4% say spending will decrease, which is a two-point improvement over the previous survey.

Security Pain Points and Concerns

Pain Points. Respondents were asked to select the top security pain points, and User Behavior (28%) topped the list followed by Lack of Budget (22%) and Malicious Software (21%).

A closer look at the top pain points by company size shows that User Behavior is a top concern across companies of all sizes – while other issues such as Endpoint Security present a bigger problem for smaller companies. In contrast, Cloud Security and Data Loss/Theft pose a greater threat for very large organizations.

Top Security Concerns. The top security concern over the last 90 days is Hackers/Crackers with Malicious Intent (59%, up 3 pts), which continues to top the list, followed by Compliance (unchanged from the previous survey), with Internal Audit Deficiencies Based on Findings (32%, down 3 pts) in third place.

Inadequately Addressed Security Threats. Respondents were also asked which security threat they believe is currently inadequately addressed within their organization. The internal problem of Preventing/Detecting Insider Espionage (26%) and the external threat from Hackers/Crackers with Malicious Intent (26%) top the list. Compliance (15%) and Cyber-warfare (14%) are second and third.

Security and Hosted Cloud

Taking a look at security technologies and hosted cloud, respondents were asked several questions with regard to their approach to security in hosted cloud deployments.

Type of Security. Currently, the most common security technology used for hosted cloud deployments is Endpoint Security (76%) followed by Firewall (69%) and Encryption (63%).

Responsibility for Security. According to Daniel Kennedy, the Research Director for Information Security for 451 Research’s Voice of the Enterprise (VoTE), “Responsibility for hosted cloud security from the console up typically falls to the enterprise. In fact, that’s sometimes a source of confusion, that contractually you’re (as an organization contracting a cloud service) responsible for the security of what you install in or on top of the cloud stack.”

According to respondents, the primary responsibility for security in hosted cloud environments falls to the IT Department (54%) and Information Security Department (26%). Only 8% is attributed to The Cloud/MSP.

It is interesting to note that responsibility is evenly split (41% each) between IT and the Information Security Department in organizations with over 10,000 employees.

Security Assessment. When it comes to securing or evaluating a hosted cloud provider for information security, 65% of respondents depend on controls provided by the cloud provider, while another 40% perform due diligence exercises and 37% perform vulnerability assessments.

Security Budget

2017 vs. 2016. On average, the total information security budget is expected to change 21% in 2017 compared to 2016. A closer look by company size shows that for companies with 250-999 employees that average is higher, at 30%, and for very large organizations it is lower, at only 14%.

Budget Distribution. The distribution of the security budget now and in two years appears to remain fairly consistent with current patterns. People (including Employees, Contractors, etc.) is the top budget item, followed closely by Third-party Supplied Software Security Tools. Only Third-party Supplied Security Services, including Managed Security Services Providers (MSSP), is expected to improve, by 3 points to 15% in two years.

451 Research, LLC does not make any warranties, express or implied, as to the information presented in this report.

Appendix: Definitions