IT security: personnel as the greatest challenge
Modern IT security that meets all challenges is a mammoth task for IT departments. How do the management levels in German, Austrian and Swiss companies feel about this? The IT security service provider Sophos has investigated this in a study.
Cybersecurity in companies has become even more important in the recent past due to various factors. These include technological developments or the growing complexity of IT infrastructures. However, those factors characterized by agile and mobile working, home office availability, the professionalization of cybercrime and an intensified international threat situation are also having an increasing impact. The results of a recent management study by Sophos show that (as is currently the case with almost all occupational fields and IT in particular) the specialist area of IT security is naturally also suffering from a severe shortage of skilled workers. But the corporate decision-makers surveyed in the DACH region also see challenges in other areas.
The staff is where it gets stuck the most
Asked what challenges they see in ensuring cybersecurity in their company, the management levels surveyed in all three countries cited the availability of personnel most frequently. In Austrian companies, the difficulty of finding qualified personnel was cited most often, with a frequency of 69.8 percent; in Germany, the figure was 62.7 percent, and in Switzerland, the figure was lowest at 58.8 percent.
Around one-third of all companies seek additional external consulting services to professionalize their cybersecurity in the form of, for example. MDR Services in addition. In Austria, in particular, there also seem to be challenges here. While only 11.8 percent of Swiss and 13.9 percent of German company managements state that they see difficulties in the availability of external consulting services, in Austria this is the case for as many as one third (30.2 percent) of respondents.
Bosses fear IT security impeding workflows
IT security solutions could slow down systems and workflows - this prejudice is constant in management floors. 45.1 percent of Swiss respondents and 40.3 percent of German respondents said that, in their view, disrupting workflows is one of the challenges in ensuring and implementing cybersecurity. In Austria, only 28.3 percent named this.
Two aspects of the modern working world are also seen by bosses as challenges for the implementation of IT security. In Austria, 45.3 percent of respondents expect difficulties in coordinating this task with the modalities of home office solutions when it comes to ensuring cybersecurity. In Germany, 39.8 percent cast a critical eye on this, while in Switzerland it is 35.5 percent of respondents.
Agile methods have become an indispensable part of modern working life. Are the available security solutions flexible enough to keep pace with agile business? As many as 42.8 percent of the German respondents, 41.5 percent of the Austrian respondents and 39.2 of the Swiss respondents expressed doubts here.
Often still old prejudices against IT security
"The figures regarding workflows and flexibility for agile workflows make it clear that an outdated and traditional image of IT security based on rigid structures often still prevails in executive floors," said Michael Veit, cybersecurity expert at Sophos. "Modern cybersecurity solutions, however, offer exactly the opposite and are characterized by their modular and flexible handling, both in architecture and in everyday use. Technologies such as Zero Trust, Managed Security Services or even adaptive cybersecurity ecosystems enable flexible working today, where the user is no longer even aware of the IT security processes in the background."
Investments at constant level - exact data not known, Switzerland ahead here
Asked whether investment has changed over the past two years, a majority of respondents in Germany (57.2 percent) and Austria (52.8 percent) and 45.1 percent in Switzerland said investment had remained at an unchanged high level. At 47.1 percent, and thus the highest percentage, Swiss company managements indicated that they had increased investments in the past 24 months. In Germany (34.8 percent) and Austria (32.1), a good third invested more in IT security. 13.2 percent in Austria, 7.8 percent in Switzerland and 7.5 percent of the managers surveyed in Germany were unable to provide any information on this.
It was rather difficult for the management levels to quantify the exact share of spending on IT security, certainly not least because of the complexity within all cost factors for IT. This is particularly true in Switzerland. Here, almost half (49 percent) of respondents said it was impossible to quantify. 36.3 percent of respondents from German companies were unable to name the share of IT security in IT expenditure, while in Austria this figure was 30.2 percent.
Otherwise, investment in cybersecurity in DACH is distributed as follows: In Germany, 20.9 percent of companies spend 5 to 9 percent on IT security, while 14.4 percent invest 10 to 19 percent. In Austria, 28.3 percent still spend 10 to 19 percent on IT security, and for 13.2 percent of the companies surveyed, the figure is as high as 20 to 29 percent. In Switzerland, the picture is as follows: Here, 19.6 percent of companies spend 5 to 9 percent on cybersecurity and 13.7 percent even invest 20 to 29 percent of their budget in this important area.
Source: Sophos
