Protecting company and customer data is not the main motivator behind the increase in cybersecurity investment, which is driven primarily by a fear of financial penalty, claims a new report from Thycotic.
Based on a poll of more than 900 CISOs and senior IT decision makers globally, the report states that almost a quarter of respondents (23 percent) believe the threat of fines is the most effective way to persuade directors to invest in cybersecurity.
Regardless of motive, IT security budgets are rising across the board – and that’s a good sign, according to Thycotic. More than half of IT security decision makers say their companies are planning to add to security budgets in the next 12 months.
Further, more than three quarters (77 percent) have received boardroom investment for new security projects, either in response to a cybersecurity incident or prompted by the fear of audit failure.
But it’s still not easy for CISOs and senior IT decision makers to convince directors to invest further in cybersecurity. Almost two fifths of proposed investments are turned down because the board doesn’t consider the threat severe enough, and because IT couldn’t demonstrate a worthy return on investment.
A third of respondents said they don’t think senior management understands the scale of cyberthreats when making security investment decisions.