Businesses and IT Security: A cost rather than a strategic asset
january
2020
Security and cloud, priorities to invest in
The 2020 Assintel (Italian National Association of ICT companies) report points the finger at the sometimes contradictory attitude of companies towards security issues. Security remains one of the main technological areas in which Italian companies plan to invest this year to accelerate the technological transformation of their activities together with the cloud, especially in its application version of software-as-a-service. Those who have projects that include mobile or the internet of things, are aware of the risk deriving from increasingly sophisticated cyber-attacks, and in general, the request to defend networks and data increases, also in response to the privacy legislation. However, only one in ten companies consider security a strategic sector for the development of their business, a share that is even lower than the one reported in the survey carried out one year ago (19%).
Micro enterprises: a risk for the entire system?
"Quite often the competitive needs on a technological level require a complex synthesis between understanding the present and the vision of the future - says the study - and quite often Italian companies still struggle to understand the role that IT security plays as an infrastructure that allows them to compete in digital markets, especially considering small and micro enterprises". For approximately half of the very small businesses, in particular, spending on security is considered marginal and this can represent a risk for the entire digital system, given the role of supplier carried out for medium and large companies.
Finance and Public Administration are at opposite ends with regards to security
The picture changes if you examine larger groups, but overall three-quarters of companies consider IT security as a contingent cost to be incurred in case of need, and therefore occasionally, or at the most, one of the various expenses that go under information technology expenses. On the contrary, Assintel pointed out a year ago, the world of finance and public administration have an opposite attitude: in finance, security is an enabling technology on which to allocate a non-residual share of the IT budget, as it deals with the complexity of cyber-attacks and therefore with the need to raise the level of attention, both by providing a 24-hour management and by defining a stringent internal policy. For the Public Administration, (and often for the manufacturing industry), which sometimes does not have specific resources for safeguarding its computer systems, the first step to overcome is a corporate culture and requires to set aside the equation "security=costs".
Shortage of skills and growing demand for specialists
Together with the resources available and ongoing management, one of the main challenges that companies have to face with regards to IT security, are the skills and the level of training of human resources on this issue. The latest reports from the Observatory on Digital Skills underline the growing demand for professional profiles related to security among emerging figures in information technology: from cyber security officers to define corporate security and prevention strategies, to information security managers to manage internal policies, to information security specialists to put them in place. At the end of 2018 there were more than 1300 open positions for these professional profiles. In job advertisements for ICT, says the Observatory, there is a clear prevalence for developers, digital consultants and media specialists, but the cloud-related professions are emerging as well as the demands of data processing specialists and with them, the demand of IT security professionals is also increasing.