Annual security professionals survey shows that budgets grow slower than rising threat levels

Published: Wednesday, 07 August 2019 08:09

A lack of resources is the single biggest challenge for IT security, followed by a lack of experience and skills, according to ‘The Security Profession in 2018/19’ report from the Chartered Institute of Information Security. 

At least 45 percent of respondents chose a lack of resources as their biggest challenge: compared to 37 percent for a lack of experience, and 31 percent for a lack of skills. Ultimately, security professionals feel their budgets are not giving them what they need: only 11 percent said security budgets were rising in line with, or ahead of, the cyber security threat level, while the majority (52 percent) said budgets were rising, but not fast enough. 

Professionals were also clear about where threats originate. Overwhelmingly, 75 percent perceived ‘people’ as the biggest challenge they face in cyber security – with processes and technology near-equal on 12 and 13 percent respectively. This may explain the need for more resources even as budgets increase: people are a far more complex issue to deal with. Yet at the same time, there are signs of improvement. More than 60 percent of IT professionals say that the profession is getting better – or much better – at dealing with security incidents when they occur, with only 7 percent saying the profession is getting worse. Conversely, less than half (48 percent) of respondents felt the industry is getting better at defending systems from attack and protecting data, with 14 percent saying the profession is getting worse. This suggests an ongoing move in the industry – from focusing on prevention, to an all-encompassing approach to security.

The innovation predicted to have the greatest effect on security in general was AI and machine learning technology – suggesting this is an area for organizations and individuals to target their skills development.

The full report can be read here.