COVID-19 changed the way people work as organizations accelerated their digital transformation strategies in response to stay-at-home orders. As of August 2020, 50% of the global workforce now works from home, representing a 114% increase. At this point in 2020, it is a truth universally acknowledged that a CISO in possession of cloud technologies must be in want of a security budget for 2021. However, understanding what investments matter and the likelihood of getting the senior leadership team and Board of Directors to approve the budget can feel daunting, particularly amid the current economic turmoil. With that in mind, SecurityScorecard partnered with CyberEdge for a look at COVID-19’s impact on enterprise security teams that can give some insight into what leaders can expect.
1. More money (hopefully) less problems
If one thing exists in 2020 to be pleasantly surprised about, it’s that IT security operating budgets have not stalled. Globally, they increased mid-year, ranging from a low of 2.2% in Germany to 7.7% in France. Likewise, all industries experienced mid-year increases, ranging from 2.9% for the Utilities industry to 6.5% for the Telecom industry.
Looking forward to 2021, 63.5% of security professionals expect their operating budget will increase. Globally, the projected increases range from 4% in Germany to 7.9% in the US. Individual industries also projected increased budgets ranging from 4.7% for Government to 9.5% for Telecom.
In short, despite a global economic downturn, IT security remains a mission-critical priority.
2. Not home alone
Whether arising from COVID-19 protections or employee satisfaction levels, working from home seems to be the new model, at least in part. Using security professionals as a sample population, 33.3% of them would prefer to remain at home all the time, while 47.7% would like to continue remote work part of the time.
Over a few months, the number of Bring Your Own Device (BYOD) policies increased by 60%. While this enables workforce productivity and morale, it also leads to endpoint security concerns, particularly within organizations’ supply chain. While you know how your organization manages BYOD risks, you can’t control the way your vendors manage it.
Remote work may be here to stay, but security professionals need to find new ways to protect their IT ecosystems from partners and suppliers new to the BYOD party.
3. Ain’t no party like a third-party risk program
Nearly 75% of security professionals said that work-from-home increased their third-party cybersecurity risks. Globally, the increase ranges from a 52.3% increase in Japan to an astounding 84.9% increase in Canada. Meanwhile, the Utilities industry saw the lowest percentage increase, coming in at 60.7%, and Government saw the highest percentage increase at 82.9%.
With so little positive news in 2020, the report provides a small ray of sunshine, noting that 94.3% of enterprises have a formal third-party risk management program. However, despite that good news, 47.3% of organizations using third-party risk management automation disagreed or had no opinion regarding the effectiveness of their tools/platforms enabling them to do more with fewer resources.
In other words, although many organizations have tools that help them manage vendor risk, almost half believe that their tools provide little operational efficiency benefit, leaving teams working harder rather than smarter.
4. Get SaaS-Y about security
With organizations moving their mission-critical data and applications to the cloud, many pundits projected that security spending would trend towards cloud-based solutions. According to the research, they were correct.
75.1% of respondents indicated a moderate or strong increased preference for cloud-delivered security solutions. Global responses varied little, with a 7.2 percentage point difference between Germany at the low end and Canada on the high end of the range. However, a look at the difference in industry preference gives some fascinating insight into how each one manages data.
The current technology stack might account for some of the preferences by industry. For example, the Government indicated a 63.2% preference while Education topped out at a 67.9% preference for cloud security services. Both these verticals are often saddled with cumbersome, legacy, on-premises technologies and limited budgets. Meanwhile, the Manufacturing industry indicated an 83.3% preference and Utilities an 80% preference for cloud-based security services.
SecurityScorecard: Cloud-delivered third-party vendor risk monitoring for enhanced security
SecurityScorecard’s security ratings platform provides the most data-rich, continuous monitoring platform on the market. With over 1.5 million companies rated and continuously monitored, our cloud-based platform can detect over 10 billion vulnerabilities and monitors more than 10 million infected IPs over 200 malware families.
We monitor supply stream risk across ten categories of risk factors, including IP reputation, DNS health, endpoint security, web application security, and network security. SecurityScorecard provides measurable value for organizations, streamlining repetitive tasks and enabling customers to optimize their security investments.