IT Policies Underfunded
IT security is underfunded, and that is a problem for IT professionals today. A new study by Kaspersky Labs found that not enough money is going toward corporate security plans to keep data safe. It is a continuing dilemma for IT professionals at midsize firms that must constantly balance resources against the need to remain competitive.
Kaspersky Lab's Global Corporate IT Security Risks 2013 survey, featured recently in Computer Weekly, found that 60 percent of IT professionals believe that there is not enough time or money available to effectively develop security policies. Less than 50 percent of the firms that took part in the global survey are confident that their security policies are organized to deal adequately with IT threats.
The survey also took a look at various sectors. Less than 30 percent of IT professionals working in the field of education felt confident about their IT policies. Meanwhile, 34 percent of those at government organizations felt they had sufficient resources and investments in IT security. Kaspersky Labs also found that 91 percent of firms had experienced at least one external IT security incident, and 85 percent had reported internal incidents in the past year.
Taking a Step
While many firms believe IT security is underfunded, Kaspersky Labs pointed out that taking a step such as securing mobile devices could significantly reduce risks. Yet the survey found that almost 50 percent of firms do not have mobile security policies in place. The survey found that the IT professionals who currently have mobile security policies do not believe that the resources in place are enough and complain that insufficient budgets exacerbate the problem.
IT security is especially important at growing firms where budgets, personnel and resources remain tight. While lack of funding may be a reality, it is important for IT professionals to communicate the importance of maintaining strict security policies. Enterprises traditionally have the bandwidth to overcome a data breach with money, time and resources to spare. Should a data breach occur at a growing firm, serious financial and PR damage could be very difficult to overcome. That is why IT professionals are tasked with comparing the cost of putting the right IT security hardware or software in place with the projected cost of a potential data breach. Investment in IT security lowers the many risks that can be detrimental to a midsize firm.
The right tools and consulting to build effective security policies take time and money. Kaspersky Lab's findings show many companies are underfunding their efforts to do things correctly. In this time, however, of increased mobility, bring-your-own-device policies, social business and growing cybercrime threats, midsize companies must set aside resources to keep their corporate data safe.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.