Rackspace Technology research has highlighted the impact the past five years of global cyber threats have had on the relationship between an organisation’s security team and its C-suite.
The second annual cybersecurity research report found that more than half of UK business leaders (56%) now include cybersecurity attacks as one of their three main business concerns, making it the chief priority ahead of even price inflation (48%) and IT talent shortages (45%).
This is reflected in the evolving relationship between security teams and senior leadership. Almost three quarters of respondents (74%) feel that security teams have better board visibility than five years ago and the same proportion (73%) now consider the C-suite to be advocates of cybersecurity.
In general, communication between the two teams is also strong, with two thirds (66%) considering there to be few communication silos and almost seven in 10 (68%) considering the C-suite and security teams to collaborate regularly.
Rob Treacey, Head of EMEA Security at Rackspace Technology, said: “Huge encouragement can be taken from the findings that cybersecurity is now being prioritised at board or C-suite level – though this is also a reflection of the scale and severity of the challenges many organisations currently face from cyber threats.
“Too often in the past we have seen security teams undermined or siloed within organisations when their voices needed to be heard. It is therefore unsurprising to see cybersecurity emerge as a pivotal business issue as senior leaders finally recognise the need to keep hackers out, and the potentially devastating consequences of not doing so.”
This improved advocacy at a senior level is in turn helping to facilitate an increase in funding, with almost seven in 10 organisations (69%) currently upping their investment in cybersecurity. The average annual investment in cybersecurity has now reached $7.58 million in the UK – far outstripping the global average of $6.12 million – with more than a fifth (22%) committing at least $10 million a year.
Assigning this increased funding appropriately is emerging as the latest challenge, especially in a tightening labour market and with a premium on specialist cyber skills. In the UK, a lack of resources (39%) is considered the most common reason why an organisation needs to engage with external security providers, with a lack of expertise (36%) ranking second.
And with business operations now dominated by the cloud, almost two thirds (65%) of organisations are now investing in cloud native security – another more specialised area of a whole cybersecurity programme.
Treacey added: “Making the case for increased investment is no longer a challenge for security teams with the C-suite so bought into the need. The issue is that these senior leaders expect problems to disappear by throwing money at them when this will only be done through smart decisions.
“Many organisations do not have the skills or resources to counter the level of threats they are likely to encounter and are struggling to source them in a tough labour market. While it is encouraging to see leadership taking the issue of security seriously, there remain real challenges when it comes to ensuring organisations keep cyber threats at bay.”
To download the full report, click here.