Security top concern - and top investment priority
High profile cyber-attacks have got Australia’s C-suite sitting up and taking notice, with security now top concern across all areas of the third platform technology, says IDC.
The research analyst firm says for the first time, Australian CIOs have cited security as their top concern across all areas of IDC’s third platform technology pillars of big data, mobility, cloud and social for business.
And they’re apparently prepared to put their money where their mouth is, with the IDC Australian Security Heat Map 2015 showing that security is a top priority of investment in Australia.
Lydie Virollet, IDC software and security market analyst, says with a fast-evolving threat landscape and Australia being one of the top target countries for attackers, Australian companies must invest in security to protect their intellectual property and other assets.
“This investment needs to be strategic and will primarily be targeted at protecting the network and sensitive data through a combination of integrated solutions,” Virollet says.
The Australian Security Heat Map 2015 also shows demand for managed security is growing, and data loss prevention is the key security issue to be addressed in 2015.
The report also highlights that a proven track record of IT vendors is more important than their security expertise.
IDC says a plethora of recent high profile global security breaches has raised the stakes, causing Australian executives to reconsider the exposure and risk associated with corporate assets.
“Security is now a boardroom discussion,” IDC says. “In parallel, CIO’s are reassessing security requirements across technology, people and process to meet the needs of a borderless enterprise and the increasing value placed on data.”
IDC suggests three steps to take control of IT security, starting with making an assessment of the security solutions already in place.
“Most companies have contracts with an average of 40 security vendors,” IDC says. “Establish an action plan based on the attack surface.”
Companies then need to establish and anchor a security budget that includes contingency funds as part of the IT strategy, selling it to executives as an ongoing asset risk management initiative, IDC says.
“Risks must be prioritised to adequately address relative to the organisation industry risk profile.”
IDC says security vendors or services supplier should be chosen based on their track record in the country within the same industry vertical and its risk management expertise.