Companies recognize the need to invest in digital security

Global digitization is progressing unstoppably: sensitive business information is stored digitally and exchanged across countries. Global networks and technological progress continue to develop at high speed. Cyber risks are increasing, and cyber security is becoming a requirement for companies and institutions.

With the increasing complexity of corporate information networks and the growing number of security threats, cyber security is becoming more and more important and is seen by corporate management as a strategic priority, as the recently published Horváth study “Adaptive IT 5.0” clearly shows. For the study, 350 companies were surveyed for the fifth year in a row on the interlocking of business with the IT organization, the role of the CIO and the CISO, and the resulting fields of action in the area of digital security within the next three years.

Cyber security has been recognized as a trend – there are still problems when it comes to implementation

Although IT and cyber security are very high on the management agenda, only half of the companies have implemented the necessary measures, as the study shows. However, 90 percent of those surveyed recognize the need to catch up and are planning massive investments in this area.

Companies are working flat out on cyber security strategy and control

Fields of action IT and cyber security today and in three years. (Image: Horváth)

While currently less than 60 percent of the companies surveyed have integrated the topic of information security as a central component of their corporate strategy, more than 90 percent plan to implement this in the next three years and to define a closely linked IT security strategy derived from it. The study also shows that just over half (55 percent) of the companies have implemented a systematic information security management system (ISMS).

The role of the CISO is becoming more strategic and meaningful

The role of the Chief Information Security Officer (CISO) is already firmly established in the majority of companies. However, more than 90 percent assume that this role will continue to gain in importance in the future. Because CISOs are primarily responsible for information security and protection against cybercrime, their scope of tasks is becoming larger, more complex and more strategic. Compared to today (48 percent), they will therefore increasingly report directly to management (+33 percent) in the future.

Professionalization of operational cyber risk management is essential

But it is not only the importance of the CISO role that is growing. The companies surveyed for the study also recognize the need to professionalize operational cyber risk management.

Compared to today (57 percent), around 90 percent want to carry out a systematic cyber security threat analysis in the future in order to be able to optimally prepare for possible dangers. This also includes the operation of a professional Security Operation Center (SOC) for the identification, analysis and handling of IT security incidents. Although less than half of the respondents have an SOC today, almost 90 percent want to introduce one in the next three years. Following on from this, only around two-thirds (62 percent) have now defined the necessary measures and emergency plans for IT security incidents. However, over 90 percent of companies want to massively increase their ability to react in order to be armed against the possible dangers in a digital business world.

Cyber resilience as a prerequisite for sustainable corporate success

The Horváth study “Adaptive IT 5.0” shows that IT and cyber security is a top issue for companies. Driven by digital transformation, geopolitical crises and trends such as cloud computing, there is an enormous need for investment in IT and cyber security. In addition to organizational issues, a comprehensive IT security strategy with derivation of threat scenarios and consistent operational cyber risk management must be established and professionalized. The creation of cyber resilience is becoming a basic requirement for sustainable corporate success.