Despite increased investment and C-suite attention, most organizations are less than fully prepared to address major threats
Rackspace Technology announced that over half (63%) of Indian IT leaders cite cybersecurity as one of their C-suite’s top-three business concerns, ahead of issues such as meeting compliance requirements (53%) and supply chain/logistics management (45%).
Out of the 150 Indian IT Leaders, despite sizable increases in their cybersecurity investment, greater board visibility and increased collaboration between the security team and the C-suite, more than half of them (51%) say that they are managing cybersecurity risks from threat. However, a large majority report being either “fully-prepared” or “somewhat prepared” to respond to major threats, such as recovering from cyberattacks (51%) or identifying and mitigating threats and areas of concern (50%). When asked to name the top three cybersecurity challenges their organization is facing, migrating and operating apps to the cloud led the way (50%), followed by a lack of visibility of vulnerabilities across all infrastructure (47%) and security exposure created by legacy applications (44%).
“As more and more organizations migrate their IT infrastructure away from data centers and advance their cloud transformation initiatives, they are focusing increasing attention on how these changes can impact their security posture,” said Karen O’Reilly-Smith, Chief Security Officer, Rackspace Technology. “As the survey results demonstrate, cybersecurity continues to be far and away the leading business concern and a major focus of IT investment, but with talent at a premium more organizations are looking outside their four walls for guidance in this new cloud-first world.”
Cloud Security Leads Investment Priorities
Despite the economic challenges brought about by the pandemic, organizations show no sign of decreasing their investment in cybersecurity, with 87% of survey respondents reporting that their cybersecurity budgets have increased over the past three years. The leading recipients of this new investment are cloud native security (69%), data security (55%), infrastructure detection and response (51%) and consultative security services (44%). According to the survey, cloud native security is also the area where organizations are most likely to rely on an outside partner for expertise.
Adds Sandeep Bhargava, Managing Director of Asia Pacific and Japan (APJ), “Cyberthreats are continuously evolving in today’s environment, including in India, where visibility into security incidents across multicloud and hybrid environment is required. We are seeing a major shift in how organizations are allocating resources to address cyberthreats, even as budgets increase. It is critical, therefore, for companies to work with proven partners who bring a holistic security approach to strengthen and implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities.”
These investments align closely with the areas where organizations perceive their greatest concentration of threats, led by network security (61%), closely followed by web application attacks (53%) and cloud architecture attacks (53%).
Security Teams and the C-Suite
The survey also looked closely at the relationship between security teams, boards and C-suite executives. 76% of respondents say there has been an increase in board visibility for cybersecurity over the past five years, while 76% cite better collaboration between the security team and members of the C-suite. Only 7% of respondents said there were significant communications gaps between the security team and C-suite, while 75% of IT executives view their counterparts in the C-suite as advocates for their concerns.
“It is gratifying to see that IT security and leadership teams have made strides in eliminating silos and facilitating better communication about threats and priorities,” adds Sandeep Bhargava. “Overall, companies are much more sophisticated about cybersecurity, and better understand they where they face challenges. At the same time, given the dearth of IT talent and the new skill sets that the cloud requires, they also understand where they need guidance.”