Senior corporate leadership attention doesn't translate into more money for security


Even though more than three-quarters of senior corporate leadership at enterprises view IT security as "very" or "critically" important, 20 percent or less of most IT budgets are devoted to security and that situation is not expected to improve much this year.

These were some of the findings of a survey of more than 400 IT personnel by TechValidate on behalf of open source enterprise software provider Red Hat.

In fact, close to half of respondents said their company does not plan to increase their security budgets this year, with some even saying security budgets will be cut.

"This is the Catch 22 around security. People are expected to do more with the same. … The expectations continue to increase but the budgets do not," lamented said Josh Bressers, security strategist at Red Hat.

The survey also found that loss of customer trust is the top business concern when it comes to data security at 47 percent, followed by damage to company brand at 22 percent, inability to access data and resources at 19 percent, and finally revenue loss at 12 percent.

"Customer trust came in well ahead of everything else. We were not expecting this. When you think about security, revenue and brand seemed to be the two that we've assumed that people are concerned about," Bressers told FierceITSecurity.

Despite senior leadership concern about security, less than half of companies install security updates weekly or more frequently, according to the survey. And 13 percent wait to do updates quarterly, potentially leaving vulnerabilities in their software exposed for months.

Regular software patching is a basic security best practice that is critically important for enterprises to maintain security of their software and data.

Related Articles:
Can IT security pros handle pressure?
IoT security is going to cost you, warns Gartner
Spotlight: CISOs finally getting some respect from C-suite