Despite sizable increases in their cybersecurity investment, greater board visibility and increased collaboration between the security team and the C-suite, less than half of respondents (43%) say that they are protecting critical data and assets from threat. Moreover, a large majority report being either unprepared or only “somewhat prepared” to respond to major threats, such as identifying and mitigating threats and areas of concern (62%), recovering from cyberattacks (61%) or preventing lapses and breaches (63%). When asked to name the top three cybersecurity challenges their organization is facing, migrating and operating apps to the cloud led the way (45%), followed by a shortage of workers with cybersecurity skills (39%), and a lack of visibility of vulnerabilities across all infrastructure (38%).
“As more and more organizations migrate their IT infrastructure away from data centers and advance their cloud transformation initiatives, they are increasing attention on how these changes can impact their security posture,” said Karen O’Reilly-Smith, Chief Security Officer, Rackspace Technology. “As the survey results demonstrate, cybersecurity continues to be far and away the leading business concern and a major focus of IT investment, but with talent at a premium, more organizations are looking outside their four walls for guidance in this new cloud-first world.”
Cloud Security Leads Investment Priorities
Despite the economic challenges brought about by the pandemic, organizations show no sign of decreasing their investment in cybersecurity, with 70% of survey respondents reporting that their cybersecurity budgets have increased over the past three years. The leading recipients of this new investment are cloud native security (59%), data security (50%), consultative security services (44%) and application security (41%). According to the survey, cloud native security is also the area where organizations are most likely to rely on an outside partner for expertise.
These investments align closely with the areas where organizations perceive their greatest concentration of threats, led by network security (58%), closely followed by web application attacks (53%) and cloud architecture attacks (50%).
“We are seeing a major shift in how organizations are allocating resources to address cyberthreats, even as budgets increase,” said Gary Alterson, Vice President, Security Solutions at Rackspace Technology. “The cloud brings with it a new array of security challenges that require new expertise, and often reliance on external partners who can help implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities.”
Security Teams and the C-Suite
The survey also looked closely at the relationship between security teams, boards and C-suite executives. 70% of respondents say there has been an increase in board visibility for cybersecurity over the past five years, while 69% cite better collaboration between the security team and members of the C-suite. Only 13% of respondents said there were significant communications gaps between the security team and C-suite, while 69% of IT executives view their counterparts in the C-suite as advocates for their concerns.
“It is gratifying to see that IT security and leadership teams have made strides in eliminating silos and facilitating better communication and preparedness plans around threats and priorities,” commented Jeff DeVerter, Rackspace Technology Chief Technology Evangelist. “Overall, companies are much more sophisticated about cybersecurity, and better understand they where they face challenges. At the same time, given the dearth of IT talent and the new skill sets that the cloud requires, they also understand where they need guidance.”