Recent research from CompTIA finds U.S. employees believe the state of cybersecurity is declining, with 70% satisfied with their company’s approach, a drop from 82% in 2020. Indeed, just 3 in 10 respondents say they are “completely satisfied” with their organization’s approach to cybersecurity, according to the 2021 State of Cybersecurity report.
Currently, the most common cybersecurity practices are: monitoring for cybersecurity incidents (49%), workforce assessment/education and threat intelligence (both at 41%), incident detection and response (39%), and business continuity (37%).
Because cybersecurity is such a complex, multifaceted problem, the research concludes that new approaches are required. No surprise that the top trigger for change is the shift to a remote workforce, according to 43% of respondents. Hurdles to change, however, include belief that current security is “good enough” (45%), prioritization of other technology initiatives (39%), lack of budget dedicated to security (38%), and low understanding of new security threats (37%).
On the bright side, respondents do expect overall spending on cybersecurity in 2021 to increase 12% over 2020, with the highest increase (41%) being directed at cloud security.
The top issue driving that spend is the number of hackers, according to 49% of respondents. Other key drivers are: variety of attacks, privacy concerns, scale of attacks, and reliance on data.
Changes to cybersecurity approaches vary by company size. For instance, midsize and small businesses favor a focus on education (45% and 36%, respectively) and process change (37% and 39%), while large companies prioritize incident response (46%), followed by education and new metrics.
Respondents plan to improve their cybersecurity skills by training current employees, hiring new ones, expanding current partnering, exploring new partners, and certifying current employees.
Here’s what channel pros should note: When evaluating third-party cybersecurity firms, respondents say they are looking for excellence in core offerings, specific knowledge in a focused area, broad knowledge across multiple domains, ability to perform cost/benefit analysis, and access to threat intelligence.