Thank you for your participation in our recent survey. As a reminder, we surveyed around 1,000 security leaders to gather insights on where you see security heading in 2021 from both a talent and thematic perspective. We hope our research findings are helpful to you, your organization, and your fellow security leaders as you plan for what’s to come.
How do you see your company’s investment in security changing in 2021?
- Nearly 40% of security leaders anticipate they will see a double-digit increase in their budget for 2021. Additionally, 3 out of 4 respondents anticipate some sort of increase as they prepare for the coming year.
- This is a positive sign for businesses and consumers alike. Given the continued economic uncertainty and a long track record of companies underinvesting in security, it’s encouraging to see optimism among executives when it comes to future investment in their programs.
- It’s also worth noting that this survey was conducted before the SolarWinds news, and I imagine there are companies that fell into the “no increase” or “decrease” buckets that will now be investing more.
In which area do you plan to invest the most new resources or budget in 2021?
- It’s no surprise to see the majority (nearly 39%) of respondents focus their investments on automation. Efficiency, speed, and cost are all benefits of automation, and just like many of their counterparts, CISOs value more time and available budget.
- I was surprised by the variety of answers to this question, though you could argue those that are investing in the First/Second line of defense will do so through talent and/or automation investments.
- I was surprised that only 1 in 7 security leaders chose overall talent as their top investment. I didn’t think this would be the top choice, but knowing how people-focused the security community is, and how light the bench of executive talent is, I expected to see more of a focus here.
Which security trend from 2020 do you see continuing or having the biggest impact on your security program in 2021?
- When we surveyed F1000 CIOs earlier this year, they overwhelmingly agreed that the events of 2020 would meaningfully accelerate their company’s digital transformation efforts. Security is obviously a critical piece of a company’s digital transformation strategy, and the role security plays in cloud migration is of the utmost importance.
- The importance of security leaders’ involvement in the GTM strategy and execution will continue to be a trend to keep an eye on. Outside of IT circles, this continues to be the hottest topic of conversation, and a skill that most companies are requiring in their next CISO hire.
What is the biggest threat facing the security industry in 2021?
- This is an even more interesting question given the events that transpired over the last two weeks with SolarWinds.
- Malware attacks and the steady rise in “bad actors” are the threats that have kept most CISOs up over the last decade, and that doesn’t appear to be changing.
- One write-in response highlighted the potential threat of a “corporate culture” that views security as a compliance function. While this is undoubtedly a serious, historical threat, I believe it’s one that can be mitigated by strong security leadership.
How has COVID shifted your security talent strategy heading into the New Year?
- This result is misleading. I think whenever we see “nothing has changed”, we view that as a lack of progress or even a step backward. Given the complexity of this year, having nearly half of the CISOs polled respond that nothing has changed says two things. 1) They did a great job preparing their companies for crisis and were swift in their response to a rapidly changing world. 2) These companies instilled trust in their executives and didn’t feel the need to immediately react to the unknown that COVID presented.
- Only a small number of respondents said they were decreasing hiring efforts and weren’t investing in technology during this time, and no one(!) called out layoffs to their team as a response to COVID, which is exceptional.
How does a more remote workforce change your company’s risk profile?
- Most companies recognize there is a slight increase in risk with a remote workforce, but I imagine if we were to run this survey at the same time last year, these numbers would have looked much different, with the majority of respondents claiming a “high increase in risk”.
Which one of these security functions/skill sets will be more important for your business in a post-COVID world?
- This is in line with the theme we’ve seen in previous responses around the areas of investment and biggest concerns of 2021. If malware and cloud transformation are top of mind, threat detection and security engineering are going to be critical skill sets for security leadership to invest in.
How do you think security professionals’ compensation will change over the next 1-3 years?
- This is the one area where I would disagree with the majority, and agree with the 16% of people who see a significant increase in compensation for security professionals.
- There is a well-known inconsistency in the market when it comes to security officer compensation. As more companies, boards, and executive teams put an emphasis on this field, I believe that compensation will follow suit and increase over 15% in the next three years.