Cybersecurity budgets surge but confidence gaps persist
Ivanti's latest Risk Communications report indicates a notable increase in cybersecurity budgets for 2024, with 71% of security professionals confirming a rise. This comes in response to a significant uptick in cyberattacks, the report states. Despite this increased investment, a disconnect between business leaders and IT professionals concerning their confidence in organisational cybersecurity remains.
According to the report, 60% of leaders outside the IT sector express a high level of confidence in their company's ability to fend off damaging security incidents. However, only 46% of IT professionals share this sentiment. This discrepancy suggests that non-IT leaders might be underestimating the growing severity of cybersecurity threats.
Dr Srinivas Mukkamala, Ivanti's Chief Product Officer, highlighted the potential exacerbation of security threats due to artificial intelligence (AI). "95% of IT and security professionals believe security threats will be more dangerous due to AI," Dr Mukkamala commented. Despite this concern, nearly one in three security and IT professionals currently have no documented strategy in place to address generative AI risks.
Further findings from the report reveal a significant gap in understanding vulnerability management between IT and non-IT leaders. More than half (55%) of IT and security professionals stated that their non-IT counterparts do not fully grasp the intricacies of vulnerability management. Additionally, 47% of non-IT leaders acknowledged a lack of high-level understanding in this area. Changing leadership priorities were cited by over one in four IT professionals as undermining patch management, which is a critical component of vulnerability management.
When it comes to the perception of cyber risks, discrepancies also exist between IT professionals and executive leaders. Non-IT executives are more likely to focus on financial, legal, and reputational impacts. For instance, 24% of executive leaders consider the reputational impact of cyber risks to be high, compared to only 15% of Chief Information Security Officers (CISOs).
Mike Riemer, Field CISO at Ivanti, stressed the importance of CISOs in communicating the true risks organisations face. "The role of the CISO is to effectively communicate the true risk that their organization faces and understand how different types of security incidents can impact the organization now more than ever," Riemer stated. "The threat landscape is growing increasingly volatile and unpredictable, and CISOs are tasked with enabling employees to remain productive and secure."
Riemer also noted the elevated discussion of cybersecurity at the board level, emphasising its importance for organisational success. The report offers strategies for CISOs to quantify the impacts of security events on other business functions, manage cybersecurity risks through effective vulnerability management, and secure long-term executive buy-in for their vision.
Ivanti's report is based on data collected from two surveys conducted in late 2023 and early 2024, examining the perspectives of 16,200 individuals, including executive leaders, IT professionals, security personnel, and office workers. Specifically, the report focuses on findings from 3,059 leaders, IT professionals, and security experts surveyed across these studies.