The latest side effect of the novel coronavirus is increased activity in cybersecurity.
Nearly 60% of organizations have boosted their cybersecurity budgets since the start of the pandemic, finds a new Microsoft survey. And more than 80% plan to add security staff, either with hiring or outsourcing.
Microsoft’s GM of security, Andrew Conway, writes in a recent blog post that during just the first two months of the pandemic, the company observed two years’ worth of digital transformation.
Spending on cybersecurity seems to reflect that. Despite the global recession, spending on cybersec products and services will grow 6% this year, for a worldwide total of $125.2 billion, market watcher IDC predicts. Looking ahead, IDC expects this spending to rise by an even faster 8.1% a year on average through 2024, when it will reach $174.7 billion worldwide.
To conduct its survey, Microsoft reached nearly 800 business leaders in four countries: the United States, Germany, India and the UK. All respondents worked for large organizations with over 500 employees.
Here are some of the key findings:
> 58% of respondents say they’ve increased their security budgets.
> 65% of respondents say they’ve increased their security compliance budgets.
> 82% plan to add security staff. About half this group plan to add staff by hiring new employees; the other half, by outsourcing.
> 81% feel pressure to lower their cybersecurity costs.
> 90% have suffered phishing attacks, and 28% admit these attacks succeeded.
> The top security investments made since the pandemic started are: mutifactor authentication (cited by 20% of all respondents), endpoint device protections (17%), anti-phishing tools (14%), and end-user security training/education (12%).
> Looking ahead, the top security investments planned for the future are: cloud security (cited by 40% of all respondents), data and information security (28%), and anti-phishing tools (26%).
5 long-term changes
This isn't a short-term blip, says Conway of Microsoft. He believes the pandemic will change cybersecurity in five permanent ways:
> Security becomes the foundation for WFH: We now have the “largest remote workforce in history,” Conway writes. As a result, managers have learned that security involves more than just blocking malware; it’s also an important way to improve productivity and collaboration.
> Everyone is on a zero-trust journey: Conway says the zero-trust architecture will become the new standard. In the survey, a large majority (91%) of respondents say they’re deploying zero-trust now, and about half (51%) say they’re also speeding these deployments.
> Diverse data sets = better threat intelligence: During the early months of the pandemic, Microsoft used the cloud to track more than 8 trillion (!) threat signals a day. These came from a diverse set of products, services and feeds worldwide, giving the company a clear view of the actual threats.
> Cyber-resilience is fundamental: Organizations need to ask themselves: How much risk can we handle? And how well equipped are we to block likely attacks? Also, the survey found that companies using the cloud are much more likely than others to have a cyber-resilience strategy. More than half of “cloud-forward” companies have such a plan for most risk scenarios, compared with only 40% of on-prem orgs.
> The cloud is the new security imperative: Security is no longer just a solution you deploy on top of an existing infrastructure. Now it needs to be integrated, and the cloud is a powerful way to do just that. In the survey, nearly 40% of respondents say they’re investing in cloud security this year.
Check out more details of the survey in this Microsoft blog post.