Available budget a major bottleneck to cyber security

Posted on 5 Feb 2019 by Jonny Williamson

With cyber security becoming increasingly critical for survival, half of IT decision-makers say that budget constraints are hindering efforts to protect their organisation’s networks.

Cybersecurity will become a more common worry in the shipping sector. Last year, the shipping conglomerate Maersk suffered a cyber attack that cost the firm between $250 million and $300 million - image courtesy of Depositphotos.
Budget constraints are limiting the use of new strategies, technologies and implementation practices – image courtesy of Depositphotos.

The time spent on cyber security is critical for both IT teams and the organisations they serve. The average IT worker spends a quarter of their own time just on security policy management, with around 40% of the team devoted to security policy management.

However, budget constraints are limiting the use of new strategies, technologies and implementation practices to make this foundational layer more efficient, to provide greater visibility, and to manage change as a network grows.

That’s the alarming finding of new research by BAE Systems Applied Intelligence. Taking in responses from IT decision-makers in both the US and UK, the research was conducted to better understand the decision-making process and behaviours that organisations are currently using, as well as their preferences for how to tackle current challenges.

The research indicates that the greatest network security challenges facing IT professionals are:

  1. Difficulty in simulating the impact of changes
  2. Ensuring that network security policy is being implemented as intended
  3. The time taken to update policy on all required devices

[With 65% of respondents facing difficulties in at least one of these areas]

Bottlenecks to objective achievement

The research found that staffing is another clear bottleneck for IT teams at organisations. As businesses implement security strategies, appropriate staffing must be considered for the best chances of optimal network security.

Furthermore, the issue of the skills gap arises in this finding, as many as 35% of organisations lack employees who have an adequate skill set to do the required job.

A variety of factors account for security team bottlenecks; 50% of organisations are limited by a lack of available budget to do the actual work, and 45% of respondents stated that achievements are not a high enough priority for the overall business.

Notably, 51% of organisations are unable to achieve their objectives due to requiring different tools from different vendors, or lack of staff overall.

[Click the below infographic for a larger version]

Small Version - BAE Systems Survey - Security Policy Management Infographic - cyber security