Change is happening, and in respect to budgets, change is expected to happen fast.
Change is happening, and in respect to budgets, change is expected to happen fast. Almost three-quarters (79%) expect cybersecurity budgets to be impacted within the next six months if not sooner (21% believe “immediately”), though not all think budgets will be cut; some – indeed as many as a third (32%) – think investment will go up or at the worst, stay the same (24%).
COVID-19’s impact on cybersecurity budgets79%
of organizations expect cybersecurity budgets to be impacted within the next six months if not sooner.
Identity and access management, and data protection and privacy are both considered priority areas for an increase in spending, and outsourcing is being considered, notably in respect not only to data protection and privacy but also for risk, compliance and resilience.
Some 55% of businesses surveyed are considering (or would consider) outsourcing security operations as part of their cybersecurity strategy.
The findings tend to be consistent across geographies, sectors and roles, although there is a bias within smaller companies to prioritize security operations and architecture & engineering, and there is a marked difference between CISOs and CTOs in their attitude to outsourcing security operations: 44% versus 81%.
Security leaders rethink their outsourcing strategy55%
of organizations indicated that they would consider outsourcing security operations post-COVID-19.
So, are there any more longer lasting or even permanent changes in strategy and approach predicted following the COVID-19 pandemic? Certainly, security leaders expect their function to become even more important, with 70% believing there will be an increased focus on cybersecurity at the board/executive level, especially those in small companies, the Americas, and in the finance sector.
This is a notable shift from the pre-COVID-19 Global Information Security Survey 2020 that suggested only 43% of boards saw any value in the cybersecurity team, and that there was a distinct lack of any cybersecurity representation at the boardroom table.
A large majority (72%) – with a particular predominance of CTOs – expect that privacy will increase in value and importance with the introduction of surveillance mechanisms to track and manage the virus. In a related survey by PSB Research of 1,000 US consumers (April 2020), the findings suggest that consumers are especially reluctant to surrender their personal privacy, regardless of the challenges posed by the pandemic, and similarly not convinced that any such engagement will be for their own good. Well over three quarters (81%) are concerned about personal data privacy and more than two-thirds (68%) of respondents in the US believe their government should be able to bring the virus under control without them having to sacrifice their privacy.
Few respondents trust either their employer or their government with their personal data and this presents a significant challenge.
As companies start to address new opportunities in the privacy space, they should urgently prepare to address the tension between privacy and security. While 82% would have no issue with their employer checking their temperature every morning, only 11% would trust them with data concerning their health and only 14% with information about where they lived. It is a gap that will take a well-engineered bridge to cross.
As we emerge slowly into a post-crisis world, and a new normal, it will be interesting to see whether the cybersecurity teams’ predictions of an elevated status come true and are embedded beyond the short term. This is not yet clear. What is clear, however, is that there has never been a better time for CTOs and CISOs to demonstrate their worth and see their deserved place at the top table.
The survey was conducted between April-May 2020 and is based on 150 respondents from the Americas (66%), Asia-Pacific, Europe, Middle East, India and Africa (34%) regions. Respondents represented a broad range of industries including Technology (45%), Financial Services (18%) and Consumer Products & Retail (15%) among others (22%). The survey captured the views of Chief Information Security Officers (30%), Chief Information Officers (34%), Chief Technology Officers (17%) and other business decision makers (19%) in similar roles.
With the COVID-19 pandemic continuing to play out around the world, security leaders are trying to anticipate what will come next. We surveyed Chief Information Security Officers who told us that they are expecting an imminent change to their budgets, which will impact their strategies, investments and future priorities.