Digital threat scenarios in the viewfinder of business and IT
In Germany, Switzerland and Austria, both business and information technology professionals in companies consider IT security absolutely business critical. That is the finding of an independent study by the Lünendonk market research institute on the topic of IT security and risk management.
Enterprises are increasingly exposed to cyber risks such as ransomware, other malware or direct hacking attacks. At the same time, digital transformation is high on the strategic agenda of many companies.
IT security is business critical and the threats are real
Consequently, it is not surprising that many of the surveyed companies consider IT security and risk management as business critical and rate it as 9.2 on a scale of 1 to 10 (where 1 represents the lowest priority).
On average, the participants rate the threat situation for enterprises in their industry as 8.4 on a scale of 1 (none) to 10 (very high). 58% of the IT decision makers award it the highest rating. Even 45% of non-IT decision makers rate it at the very top. It is equally clear to the survey participants that the importance of IT security and risk management is continuing to increase from the business perspective.
Change of the value chain and digital transformation
For the participating IT and business decision makers, «change of the value chain» (7.6 out of 10) and «digital transformation» (7.5 out of 10) strategically take top priority. Many companies have already started with the digital transformation of their business. This is also reflected in the implementation rates of projects to introduce important enabling technologies such as «mobile internet» (46% implementation rate) or «cloud technology» (39%).
Specific implementation as the greatest challenge
For 81% of those in IT security management positions, the «enforcement of security standards in the business» (including transnationally) is currently the greatest security challenge. Second place goes to «business users lacking security awareness», which poses a problem for 75% of IT decision makers.
Substantially more than half the companies complain about «missing information about the value of the data and processes at risk» (value at risk). To put it in exaggerated terms, these companies don't really know which values they should protect or where the values are assimilated and stored by the processes and databases.
Two thirds of the surveyed IT and IT security decision makers report that having too little of the relevant information creates the challenge of «detecting significant attacks and security flaws in the flood of information at an early stage». Because IT security strategies are very technically oriented, companies can hardly establish correlations between the technical events and real threats to the business.
Integrated visibility and automation are desperately needed
For IT security, the importance of external partner ecosystems has greatly increased in recent years. The backdrop of this development is not just the ever-growing number of hacking attacks, malware and corporate espionage, but also the increasing proficiency of the attacks. Additionally, the complexity of the IT and process architecture that needs to be protected has greatly increased. At the same time, security flaws need to be detected and remedied faster and faster – with the increasing internationalization of the attacks to consider.
In the course of the digital transformation, it will be necessary to achieve integrated visibility both at the technology level and at the business-process level in a security operations center (SOC), which will need a higher level of automation. If analytics tools and more automation are not deployed, the complexity will quickly spiral out of control.
Analogous to other areas of IT, external security services are considered as an inherent part of the IT security strategy. The interviewed enterprises plan to continue expanding their use of security services. Managed services are currently being used by 27% of the interviewed enterprises. They cover topics such as managed firewalls, managed VPN and proposals for a managed security operations center (managed SOC).
For the Lünendonk 2016 trend study «Digital threat scenarios in the viewfinder of business and IT», representatives from 258 enterprises in Germany, Austria and Switzerland were interviewed (using telephone-assisted interviewing) between July and the end of August 2016.
The target group was made up of decision makers from enterprises that had 500 to 3'000 employees (52%) and from those that had more than 3'000 employees (48%). The survey was cross-sectoral. It was supported by Open Systems, KPMG, HP Enterprise, NTT Security and Unisys.