Kaspersky‘s report, ‘IT Security Economics’, looked to unveil what a typical cyber security department would look like within today’s enterprises, as a combination of IT and security functions brings a double-edged sword of speed and contradiction of the ‘segregation of duties’ principle.
While IT can make security practices more efficient, combining IT and security within a cyber security department often involves the same people being responsible for both day-to-day IT initiatives and the evaluation of corresponding security risks.
According to the Kaspersky research, only 20% of large companies have an in-house Security Operation Center (SOC), responsible for continuous monitoring and responding to security incidents.
16% of enterprises, meanwhile, said that they have dedicated threat intelligence teams, and 14% employ a dedicated malware analysis team.
However, 71% of all businesses expect investments into IT to grow in the next three years, and among them, 41% of enterprises are driven by a desire to improve internal specialists’ expertise, making it the second most common reason to increase the IT security budget.
To address multiple organisational setups and different priorities or strategies, Kaspersky has split its B2B offering into frameworks based on customers’ IT security maturity – Kaspersky Security Foundations, Kaspersky Optimum Security, and Expert Security.
How to demonstrate cloud security leadership
“The survey results show that enterprise cyber security departments may come in many forms,” said Sergey Martsynkyan, head of B2B product marketing at Kaspersky.
“It means that their needs and requirements also vary. With our framework approach, we not only help customers to protect against cyber attacks based on their current capabilities, and irrespective of business size, but we outline how they can strengthen their internal security expertise further looking forward.”
Kaspersky interviewed a total of 5,266 IT business decision-makers across 31 countries in June 2020. The full report can be found here.