IDC study on Cyber Security 2020+: COVID-19 increases budgets, security situation remains questionable. IDC study shows where companies need to re-sharpen and what plans they have.
The IT security situation in Germany is still tense. The growing complexity of IT landscapes, the agility and mass of cyber attacks as well as the increasing compliance requirements are becoming increasingly difficult to control with the implemented, but apparently inadequate IT security resources. COVID-19 and the associated migration of countless employees to the home offices was and is a further test for the quality of the ability of companies to defend themselves and react to cross-industry events of global scope. Comprehensive IT security is becoming more critical for the economic success of every company and organization.
A new IDC study shows where companies need to re-sharpen and what plans they have
- 78 percent of the companies surveyed in Germany were successfully attacked
- 63 percent emphasize that cyber risks require a changed security architecture
- Network security, data protection and cloud security are the top topics in IT security
In August 2020, IDC surveyed IT and specialist decision-makers from 210 organizations with more than 100 employees in Germany and obtained detailed insights into the implementation plans, challenges and success factors in cyber security.
Almost every company is affected by attacks, and the reactions to them are far too weak
IT security solutions exist in all companies. Primarily in small and medium-sized companies, however, far too many people in charge still rely on "on-board solutions" and standard settings. That is high risk. 78 percent of the companies surveyed have already been confronted with security incidents. “The aim of attacks is always economic damage to the target company, such as financial loss, loss of intellectual property, damage to reputation or loss of customers. If the IT is idle and the data is not available, this has a direct financial impact, ”explains Matthias Zacher, Senior Consulting Manager and Project Manager. 64 percent of those surveyed emphasize that advanced security solutions and next gen security (e.g. analytical and event-based, proactive solutions) are important approaches to improving IT security. Although many companies also have cyber security solutions in addition to classic security tools, the penetration rate is still far too low. However, there is still a need for extensive explanations in many companies about how they can support modern solutions in detecting and combating advanced threats.
COVID-19: Security budgets are increasing - but not in all companies
COVID-19 continues to represent a major factor of uncertainty for all companies. This applies less to the business development of the past few months, but more to the weeks and months ahead. IT security is one of the "winners" of the current situation. 38 percent of those surveyed increased their budgets to secure their home office and remote work. This includes expenses for better protection of end devices and investments in data protection. 31 percent of those surveyed want to spend more on network security. Urgent investments in backup and recovery, secure cloud computing or stronger identity and access management are still outstanding and must be addressed at short notice from IDC's point of view.
Long overdue: Network security is moving more into focus
The IDC study surveyed 210 companies in Germany in August 2020 (Image: IDC).
With a mention of 37 percent, network security tops the list of the most important topics for 2020. From IDC's point of view, it was long overdue for IT decision makers to focus more on the network and its security. COVID-19, remote work, the efficient and cost-effective connection of branches with SD-WAN as well as other new technologies assign the network a major role in information and telecommunications technology and require a comprehensive update of the network security and the security architecture in the Companies.
Important topics in 2021: Cloud Security and Digital Trust
The cloud is increasingly becoming an integral part of the IT landscape. For this reason, companies have to concentrate much more on cloud security than before. With hybrid clouds and multi clouds, both the number of potential points of attack and the number of people and identities who work together on a task or interact in an ecosystem are increasing. This requires a high level of robustness in the solutions in order to leave little room for potential attackers or to be able to react immediately. Around 70 percent of those surveyed emphasize that hybrid clouds and multi clouds require an adapted security architecture in order to reduce the possibility of attack in advance. Another aspect to strengthen cyber security and cloud security in particular is trust or digital trust. With Digital Trust, companies assure their business partners and the public that they have implemented comprehensive measures at various levels in order to be accepted as a trustworthy partner in digital ecosystems. From IDC's point of view, digital trust is essential in times of crisis and should not be neglected.
The next steps: more integration, more automation
With all of the above-mentioned objectives and hurdles, the lack of qualified employees remains a permanent challenge. The integration of security solutions and automation is an important building block in order to partially compensate for the shortage of skilled workers and to contribute to increasing security. The integration of various security solutions has been a permanent construction site in companies for years, in which the IT security industry has played its part due to the inability of the solutions to integrate. But now things are slowly moving. 49 percent of those surveyed are currently using solutions for closer interlinking of the components of a provider. 42 percent each correlate security solutions with network management solutions and integrated third-party solutions based on a communication layer. These approaches underline the pursuit of proactive protection, monitoring and transparency as an important prerequisite for reacting quickly. Analytical approaches and AI-based functionalities offer significant added value here. If the company succeeds even better than before in integrating IT security into the planning, initiation and evaluation of all new business initiatives right from the start, then important homework has been done.
IDC study on Cyber Security 2020+ - conclusion and outlook
Excerpt from the study: “How has your company’s IT security spending changed due to COVID-19 in the following areas?” (source IDC)
IT security still does not receive the attention that is required to successfully secure operational processes. The current study - like the last one - clearly shows that many organizations are still inadequately protected. Basic protection and standard security solutions are in place in all organizations. However, that alone is less and less sufficient to counter the large number and intensity of attacks and to restore the initial situation after successful attacks. The current requirement for most companies is explicitly to put their IT security strategy to the test in order to comprehensively safeguard new technologies and solution approaches, digital business and new forms of cooperation between different market participants and the agility and resilience of their organization against unexpected ones Incidents to increase. Integration, automation and continuous optimization of security processes across all IT domains and business domains are the key to success. That must be the common goal of providers and users. Judging by the current survey, most companies in Germany have recognized the challenges according to IDC assessments, but have to turn many screws to be prepared for the challenges that arise.
More on this at IDC.com
About IDC Central Europe
IDC is the world's leading provider of information technology and telecommunications market intelligence, advisory services, and events. IDC analyzes and predicts technological and industry-related trends and potentials, thus enabling its customers to plan their business strategies and IT purchasing in a well-founded manner. Thanks to the network of more than 1100 analysts in over 110 countries with global, regional and local expertise, IDC can provide its customers with comprehensive research on the most diverse segments of the IT, telecommunications and consumer markets. For more than 50 years, business leaders and IT executives have trusted IDC to make decisions.