What would your security team do with an extra 62 days?
According to a recent study by IDC, that’s the amount of time the average-sized security team can expect to regain by addressing a lack of security management integration. With just 12 percent of respondents currently using an end-to-end management suite—and with 14 percent completely reliant on ad hoc “solutions”—there’s plenty of room for improvement.
The study, “Security Integration and Automation: The Keys to Unlocking Security Value,” found that businesses who addressed lack of integration saw three main business benefits: Efficiency, Cost Reduction and Improved Staff Retention. If your business chose to do the same, which goal would your team spend its 62 days working toward?
When asked what concerns limited their ability to improve IT security capabilities, 44% reported security was too busy with routine operations, and 37 percent cited high levels of demand for new business services.
If these teams had an extra 62 days, it could afford them the free time needed to improve their security posture—and one place that a lot of companies currently fall short is in the cloud, where a majority of new business services live.
According to IDC, enterprises are expected to spend $1.7 trillion on digital transformation by the end of this year. And our 2019 Cloud Adoption and Risk Report found that 83% of respondents worldwide stored sensitive data in the cloud. The number of files on the cloud that are eventually shared has risen to nearly half, but unfortunately, there isn’t always a lot visibility or control over where that data winds up. 14% of those files go to personal email addresses, removing them from the oversight of corporate cybersecurity. Even worse, another 12% of the files shared are accessible to “anyone with a link.”
These numbers are only rising—over the past two years, they’ve gone up 12% and 23% respectively. A recent report by Gartner puts a fine point on it: “Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data”—a figure which could risk your company’s compliance status, reputation, or even overall well-being. Clearly, any portion of that 62 days dedicated to preventing such data loss would be time well spent.
According to a Cybersecurity Ventures report, there will be an estimated 3.5 million unfilled cybersecurity jobs by 2021. Odds are, your own cybersecurity team is feeling this crunch. In our “Hacking the Skills Shortage” report, we found that businesses are having to respond to in-house talent shortages by expanding their outsourcing of cybersecurity.
More than 60% of survey respondents work at organizations that outsource at least some cybersecurity work. With an extra 62 days a year, some of these capabilities could be brought back in-house, which would help meet cost-cutting goals or free up resources that could be reallocated elsewhere. For a team struggling to meet demands that outpace their current bandwidth, having this 62 days would be like receiving an extra 9.5 manhours of work a week. This “free” higher production reduces your company’s labor cost—and could make a substantial difference during cybersecurity labor shortages, when extra manpower can be basically unavailable at any price.
What else could your team do with 62 extra days a year? Nothing at all.
More specifically, this time could be allocated across your team as a way to ease burnout, incentivize hard work, and help increase retention.
According to our “Winning the Game” report, only 35% of survey respondents say they’re “extremely satisfied” in their current cybersecurity job, and a full 89% would consider leaving their roles if offered the right type of incentive.
What are the “right types of incentives?” 32% said that shorter/flexible hours would make them consider leaving. Another 28% said lower workload would lure them away, and an additional 18 percent said an easier, more predictable workload could make them switch.
Assuming an average security staff of between 5 and 6 team members, 62 days would allow you to give each employee several extra days off a year. Alternately, by distributing existing workload through this allotted time, your team could work at a pace other than “breakneck.”
While the extra time you’d gain could certainly allow for less work, it could also allow for more interesting work. In the same survey, 30% of employees mentioned that an opportunity to work with exciting technologies like AI/automation could lead them to consider working elsewhere. If your team falls into this camp, an extra 62 days could allow the time necessary to explore these options (which in turn, could have business benefits of their own.)
Once these benefits are realized, what are the ultimate outcomes expected to be? According to IDC, 36% said faster response times, 35% said more effective response, and 29% said better threat intel sharing. Given these findings, it’s no wonder that the share of end-to-end suite users who feel their security is ahead of their peers outnumber their ad-hoc equivalents 4:1. Where does your business stand?
To read the full “Security Integration and Automation: The Keys to Unlocking Security Value” study, click here.
About the Author