Survey Finds Security Investment Increasing, But Not Security

The second-annual Cyren-Osterman Research U.S. security survey shows a significant disconnect between rising IT security spending and a low level of confidence in current protection, among many topics covered in the 24-page report, IT Security at SMBs: 2017 Benchmarking Survey, available for free download.

Security Budgets Up Sharply

On average, survey respondents reported that IT security budgets grew a robust 17% during the past 12 months. That’s on top of a 21% increase reported one year ago in the first annual Cyren-Osterman Research survey. However, sixty-eight percent of businesses reported one or more breaches or infections during the prior 12 months, and significantly less than half believe they are well prepared to meet priority threats like ransomware, phishing and zero-day exploits

The survey focuses on the current web and email security status and priorities of IT and security managers at organizations with 100 to 3,000 employees. The survey results allow security personnel to benchmark their own security posture and planning against their peers.

Current security concerns

Figure 1: Ransomware is the top concern, up from #4 last year; controlling employee behavior ranks last

Some conclusions from the survey data which are covered in the report include:

Preference growing and nearly equal for cloud-based SaaS vs. on-premises

The preference in terms of deployment model for security solutions is now nearly equally divided, with 32 percent preferring on-premises solutions, and 29 percent preferring cloud-based SaaS – with the latter up sharply from 21 percent in the 2016 Cyren-Osterman Research survey.

cloud versus appliance

Figure 2: Preference for cloud-delivered security versus on-premises appliances nearly equally divided.

Email security is now predominantly done in the cloud

Fifty-seven percent of SMBs rely on SaaS security for their email, considering together those who subscribe to a SaaS Secure Email Gateway (28 percent) and those who rely on the security provided by their SaaS or hosted email service provider (29 percent).

Cloud-based web security is moving up the adoption curve

Eighteen percent of SMBs reported that they subscribe to SaaS web security, with another 16 percent reporting deployment of “hybrid” cloud and on-premises solutions, and six percent relying on a hosted virtual appliance.

Security effectiveness and speed of defenses are most desired capabilities

The misgivings around security performance were also apparent in the rankings of desired capabilities in new security solutions – “security effectiveness” (85% indicating highest importance) and “speed of defenses applied to new threats” (74%) were given significantly more weight by managers than cost and all other considerations.

Growth in preference for cloud-based security

Perhaps connected to their lack of confidence in current security capabilities, respondents also indicated they are open to new security approaches, with 29% of IT managers expressing a “strong preference” for cloud-based security. This is a notable increase from 21% in last year’s survey, and means that cloud-based security is almost at parity with on-premises security appliances as a preferred deployment model.