Remote Workforces Doubles, BYOD Adoption Skyrockets, and Understaffed Enterprise IT Security Teams Continue to Struggle with Pandemic Challenges
ANNAPOLIS, Md. – CyberEdge Group, a leading research and marketing firm serving the security industry’s top vendors, today announced the availability of a new survey report titled, ‘The Impact of #COVID-19 on Enterprise IT Security Teams.’ CyberEdge conducted a web-based survey of 600 enterprise IT security professionals from seven countries and 19 industries in August 2020 in an effort to understand how the pandemic has affected IT security budgets, personnel, cyber risks, and priorities for acquiring new security technologies.
Impacts from the work-from-home movement
Prior to the pandemic, an average of 24% of enterprise workers had the ability to work from home on a full-time, part-time, or ad hoc basis. As of August 2020, that number more than doubled to 50%. Many enterprises without existing bring-your-own-device (BYOD) policies were instantly compelled to permit employee-owned laptops, tablets, and smartphones to access company applications and data – in some instances without proper endpoint security protections.
Resulting IT security challenges
A 114% increase in remote workers coupled with a 59% increase in BYOD policy adoption has wreaked havoc among enterprise IT security teams. The top-three challenges experienced by enterprise IT security teams have been an increased volume of threats and security incidents, insufficient remote access / virtual private network (VPN) capacity, and increased risks due to unmanaged devices. Furthermore, an astounding 73% of enterprises have experienced elevated third-party risks amongst their partners and suppliers. Adding fuel to the fire, 53% of these teams were already understaffed before the pandemic began.
Healthy 2020 and 2021 IT security budgets
While most enterprises searched for ways to reduce overall operating expenses in 2020, 54% of those surveyed increased their IT security operating budgets mid-year by an average of 5%. Only 20% of enterprises reduced their overall IT security spending after the start of the pandemic. With regard to the impact of the pandemic on next year’s security budgets, nearly two-thirds (64%) of organizations plan to increase their security operating budgets by an average of 7%.
Increased demand for cloud-based IT security investments
Arguably the biggest impact that the COVID-19 pandemic has had on the IT security industry is an increased appetite for cloud-based IT security solutions. This is primarily driven by the massive increase in remote workers but may also be influenced by having fewer IT security personnel available on site to install and maintain traditional on-premises security appliances. Exactly three in four respondents (75%) have indicated an increased preference for cloud-based security solutions. The top-three technology investments to address pandemic-fueled challenges are cloud-based secure web gateway (SWG), cloud-based next-generation firewall (NGFW), and cloud-based secure email gateway (SEG).
Additional key findings
The CyberEdge report generated several other valuable insights, including:
- Reducing IT security personnel costs. Despite increased funding for cloud-based security technology investments, two-thirds (67%) of enterprise security teams were forced to temporarily reduce personnel expenses through hiring freezes (36%), temporary reductions in hours worked (32%), and temporary furloughs (25%). Fortunately, only one in six (17%) were forced to lay off personnel.
- Training and certification make a huge difference. Nearly four in five (78%) of those with IT security professional certifications feel their certification has made them better equipped to address pandemic-fueled challenges. Next year, enterprises anticipate increasing their security training and certification budgets by an average of 6%.
- Taking third-party risks seriously. The doubling of remote workforces has significantly increased third-party risks. As a result, 43% of enterprises have increased their third-party risk management (TPRM) technology investments. More than three in four (77%) are seeking technologies to help automate key TPRM tasks.
- Securing employee-owned devices. In an effort to secure employee-owned devices connecting to company applications and data, 59% of enterprises are providing antivirus (AV) software, 52% are investing in mobile device management (MDM) products, and 48 % are acquiring network access control (NAC) solutions.
- Security professionals enjoy working from home. Not surprising, four in five (81%) IT security professionals enjoy working from home. Once a COVID-19 vaccine is developed and the pandemic is over, 48% would like to continue working from home part-time while 33% would like to work from home full-time.
About the CyberEdge Report
In August 2020, 600 IT security decision makers and practitioners completed a 20-question online survey. Each participant was employed by a commercial or government entity with a minimum of 1,000 employees. Participants were derived from seven countries: United States, Canada, United Kingdom, Germany, France, Australia, and Japan. The CyberEdge ‘The Impact of COVID-19 on Enterprise Security Teams’ report is supported by leading information security vendors, including (ISC)2, Gigamon, SecurityScorecard, and Thycotic.
The CyberEdge report is available from all sponsors or by visiting the CyberEdge website at www.cyber-edge.com/2020-COVID-19-Impact-Report.
About CyberEdge Group
CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland, with 40+ consultants located across the United States, CyberEdge boasts more than 180 of the security industry’s top vendors as clients. For more information, visit www.cyber-edge.com.
The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.