IT Policies Underfunded

By | Sep 18, 2013

IT security is underfunded, and that is a problem for IT professionals today. A new study by Kaspersky Labs found that not enough money is going toward corporate security plans to keep data safe. It is a continuing dilemma for IT professionals at midsize firms that must constantly balance resources against the need to remain competitive.

Kaspersky's Findings

Kaspersky Lab's Global Corporate IT Security Risks 2013 survey, featured recently in Computer Weekly, found that 60 percent of IT professionals believe that there is not enough time or money available to effectively develop security policies. Less than 50 percent of the firms that took part in the global survey are confident that their security policies are organized to deal adequately with IT threats.

The survey also took a look at various sectors. Less than 30 percent of IT professionals working in the field of education felt confident about their IT policies. Meanwhile, 34 percent of those at government organizations felt they had sufficient resources and investments in IT security. Kaspersky Labs also found that 91 percent of firms had experienced at least one external IT security incident, and 85 percent had reported internal incidents in the past year.

Taking a Step

While many firms believe IT security is underfunded, Kaspersky Labs pointed out that taking a step such as securing mobile devices could significantly reduce risks. Yet the survey found that almost 50 percent of firms do not have mobile security policies in place. The survey found that the IT professionals who currently have mobile security policies do not believe that the resources in place are enough and complain that insufficient budgets exacerbate the problem.

IT security is especially important at growing firms where budgets, personnel and resources remain tight. While lack of funding may be a reality, it is important for IT professionals to communicate the importance of maintaining strict security policies. Enterprises traditionally have the bandwidth to overcome a data breach with money, time and resources to spare. Should a data breach occur at a growing firm, serious financial and PR damage could be very difficult to overcome. That is why IT professionals are tasked with comparing the cost of putting the right IT security hardware or software in place with the projected cost of a potential data breach. Investment in IT security lowers the many risks that can be detrimental to a midsize firm.

Future Security

The right tools and consulting to build effective security policies take time and money. Kaspersky Lab's findings show many companies are underfunding their efforts to do things correctly. In this time, however, of increased mobility, bring-your-own-device policies, social business and growing cybercrime threats, midsize companies must set aside resources to keep their corporate data safe.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM's IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic