Business leaders on IT security: The biggest challenge is personnel
Cybersecurity in companies has become even more important in the recent past due to various factors. These include technological developments or the growing complexity of IT infrastructures. But also those factors that are characterised by agile and mobile working, home office availability, the professionalisation of cybercrime as well as an intensified international threat situation are having an increasing influence. The results of a current management study by Sophos show that (as is currently the case with almost all occupational fields and IT in particular) the specialist area of IT security is naturally also suffering from a severe shortage of skilled workers. But the corporate decision-makers surveyed in the DACH region also see challenges in other areas.
Personnel is the biggest problem, and in Austria also external consulting.
When asked what challenges they see in ensuring cyber security in their company, the management levels surveyed in all three countries cited the availability of personnel most frequently. In Austrian companies, the difficulties in finding qualified personnel were mentioned most often with a frequency of 69.8 percent, in Germany with 62.7 percent and in Switzerland the value was lowest with 58.8 percent. Around one-third of all companies also call in external consulting services in the form of MDR services, for example, to professionalise their cybersecurity. In Austria, in particular, there also seem to be challenges in this regard. While only 11.8 percent of the Swiss and 13.9 percent of the German company managements state that they see difficulties in the availability of external consulting services, in Austria this is the case for as many as one third (30.2 percent) of the respondents.
Bosses fear impediments to work processes due to IT security
IT security solutions could slow down systems and workflows - this prejudice remains constant in the executive floors. 45.1 percent of the Swiss and 40.3 percent of the German respondents stated that, from their point of view, the impairment of work processes is one of the challenges in ensuring and implementing cyber security. In Austria, only 28.3 percent named this. Two aspects of the modern working world are seen by the bosses as challenges for the implementation of IT security. In Austria, 45.3 per cent of respondents expect difficulties in coordinating this task with the modalities of home office solutions when it comes to ensuring cyber security. In Germany, 39.8 percent cast a critical eye on this, in Switzerland it is 35.5 percent of the respondents. Agile methods have become an indispensable part of modern working life. Are the available security solutions flexible enough to keep pace with agile business? As many as 42.8 per cent of the German, 41.5 per cent of the Austrian and 39.2 of the Swiss respondents expressed doubts here.
Often still old prejudices against IT security
"The figures regarding workflows and flexibility for agile workflows make it clear that an outdated and traditional image of IT security based on rigid structures often still prevails in executive floors," says Michael Veit, cybersecurity expert at Sophos. "However, modern cybersecurity solutions offer exactly the opposite and are characterised by their modular and flexible handling, both in terms of architecture and everyday use. Technologies such as Zero Trust, Managed Security Services or even adaptive cybersecurity ecosystems nowadays enable flexible working, where the user is not even aware of the IT security processes in the background."
Investments at a constant level - exact data not known, Switzerland in the lead here
Asked whether investments have changed in the last two years, a majority of respondents in Germany (57.2 per cent) and Austria (52.8 per cent) and 45.1 per cent in Switzerland say that investments have remained at an unchanged high level. At 47.1 percent, and thus the most, Swiss company managements stated that they had increased investments in the last 24 months. In Germany (34.8 percent) and Austria (32.1), a good third invested more in IT security. 13.2 per cent in Austria, 7.8 per cent in Switzerland and 7.5 per cent of the managers surveyed in Germany could not give any information on this. It was rather difficult for the management levels to quantify the exact share of expenditure on IT security, certainly not least because of the complexity within all cost factors for IT. This is particularly true in Switzerland. Here, almost half (49 per cent) of the respondents said that it was impossible to quantify. 36.3 percent of respondents from German companies were unable to name the share of IT security in IT expenditure, in Austria it was 30.2 percent. Otherwise, investments in cyber security in DACH are distributed as follows: In Germany, 20.9 percent of companies spend 5 to 9 percent of their expenses on IT security, 14.4 percent invest 10 to 19 percent. In Austria, 28.3 percent spend 10 to 19 percent on IT security and 13.2 percent of the companies surveyed even spend 20 to 29 percent. In Switzerland, the picture is as follows: Here, 19.6 percent of the companies spend 5 to 9 percent on cyber security and 13.7 percent even invest 20 to 29 percent of their budget in this important area. About the survey On behalf of Sophos, Ipsos surveyed 201 C-level managers from the retail, service and manufacturing sectors in Germany and 50 each in Austria and Switzerland on the topic of IT security in their companies.