Each July, the International Data Group (IDG) releases a survey of leading IT and data security professionals concerning the industry’s outlook for the upcoming year. The results of the 2019 survey center on three major findings.
First, the cost of security is on the rise. 50% of respondents expect their security budgets to grow in the next twelve months. These increased costs are driven in part by the emergence and accessibility of cyber crime, which can be a dynamic threat. This dynamic threat landscape creates the need for more staff who are trained to detect breaches, as well as more rigorous employee training programs to prevent phishing scams. Investment in security infrastructure and training is a small price to pay when considering that the average cost of a data breach is $3.92 million and rising every year as regulations become tighter and the amount of data grows exponentially.
Providing proper security is a goal for both IT professionals and lawmakers, as evidenced by the emergence of new regulation aimed at safeguarding personal consumer data.
This brings us to the second major finding in IDG’s report: compliance with new regulation is a leading driver of security costs. 66% of respondents ranked compliance mandates as a security budget priority in the upcoming year. International, national, and state legislation has been introduced to address concerns about the safety of consumer data and the way it is collected and used. Most notably, the California Consumer Privacy Act (CCPA) is set to go into effect on January 1st, 2020, and companies are getting ready. The new legislation affords individuals the right to access and erase their personal data, the ability to opt out of the sale of their data, and remediation for data breaches. Maintaining regulatory compliance poses a challenge, particularly for companies that span multiple states or that have international customers. Compliance can be costly and time-consuming; however, the cost of non-compliance can be staggering (e.g., British Airways’ $230M GDPR fine). All these factors weigh heavily on projected security budgets.
The third and final takeaway from this year’s IDG survey is that, as they look to the future, IT security executives are most interested in Zero Trust technologies. The basis of Zero Trust technology is the assumption that actors, systems, or services operating within a network should not be automatically trusted. Instead, these actors and systems should be continually verified as they move through a system, and they should be granted access only to the segmented portion of the overall system necessary to fulfill a stated task. Zero Trust appears to consumers in the form of Multi-Factor Authentication and Push Notification Authentication. These features are combined with location as well as other data to authenticate a user before granting access. 47% of respondents said that Zero Trust technologies were on their radar or that they were actively looking to implement such technology. Zero Trust technologies are seen as a possible solution to data breaches that can cost companies billions in infrastructure repairs, regulatory fines, and customer outreach.
The IDG survey of IT security and risk executives is an important gauge of trends, threats, and emerging technologies. Understanding the concerns of these industry leaders can better prepare companies to meet the future of security head-on. You can access the executive summary of the report here.