IT security in 2016: Everyone cares. So what?

IT security is something that every enterprise cares about, at least when asked directly. But does this care actually translate into actions? And is the enterprise even focusing on the right things to care about? These were the questions that we sought answers to with a survey posed to 426 global IT decision makers and professionals around the world, administered by TechValidate.

While the survey provided a lot of data, some surprising and some expected, the results can effectively be grouped in 3 distinct buckets.

Few “new” IT vendors care about (security) hygiene

It sounds harsh, but with the advent of the Internet of Things (IoT), security is often an afterthought for most newly connectable devices. It shouldn’t be surprising; for example, sensor makers want to focus on building a better sensor, not a more secure sensor. But, for the enterprise, this is a significant concern.

Or it should be, in our view. Only 14% of respondents are concerned with unpatched or unpatchable devices, focusing instead on the risks posed by outside breaches (32%) and poor employee security practices (36%). While both of those issues are significant, good security starts with good “hygiene,” which is the block-and-tackle basics of regularly patching devices and software to prevent breaches. On the positive side, more than half of the respondents (67%) are deploying security patches at monthly intervals or better, limiting the threat window posed by known vulnerabilities.

Trust trumps revenue

When asked what the top security-related business concern was, nearly half of respondents (47%) didn’t point to revenue, brand negativity, or asset loss; they focused solely on the potential loss of customer trust. This marks an interesting turn in the security world. While protecting assets, including customer data, is critical. So, too, is ensuring that your customers trust you to protect these things.

High-profile breaches over the last 12-18 months showed just how fragile and fickle this trust can be, so it’s interesting to see that organizations are placing trust above simple asset and revenue recognition.

As always, do more with less

Finally, in a data point that will surprise no one--despite all of the high-profile breaches, new vulnerabilities, and executive statements on the importance of IT security--budgets remain the same. 81% of respondents are expecting, at best, a slight increase or for budgets to remain the same, with 61% highlighting that IT security is 15% or less of their organization’s total IT budget.

The end result here is that IT security remains top-of-mind within the enterprise. Unfortunately, even in the face of emerging issues and new exploits, the money to properly address these challenges, through training, new tools, and headcount, just isn’t there. The general trend of enterprise IT being expected to do more with the same budget, year-after-year, affects all infrastructure, including security.

To find out more, view the full results of the survey. If you’re attending RSA 2016, we’d be happy to talk to you about what Red Hat is doing to improve enterprise IT security. Come see us at booth #3038.