Those of us in the cybersecurity community can name-drop dozens of data breaches from the last ten years, but the late 2013 breach at US retailer Target could be considered a game-changer. In addition to the $148 million price tag, the CEO and CIO were both ousted in the wake of the cyber-attack.
Since the Target breach, it has become clear that cybersecurity has become an increasingly important issue at the boardroom level but where does it rank in comparison to other business concerns?
ESG research may shed some light on this question. Each year, ESG conducts its annual IT spending intentions survey to gather data on IT and business trends. ESG asked 601 IT professionals working at organizations in North America and Western Europe to identify the business initiatives that will drive IT spending over the next year. In 2014, the top three responses were:
- 39% said “cost cutting initiatives.”
- 34% said “security/IT risk management initiatives.”
- 26% said “improved data analytics for real-time business intelligence and customer insight.”
So security and IT risk management were considered top business priorities in 2014 but these initiatives became even more critical through the course of the year. When ESG asked IT professionals the same question for its 2015 IT spending intentions survey, the top three responses were:
- 46% said “security/IT risk management initiatives.”
- 37% said “cost cutting initiatives.”
- 30% said “improved data analytics for real-time business intelligence and customer insight.”
The 2015 data is unprecedented, since security/IT risk management initiatives were identified as the top business issue driving IT spending for the first time ever.
The year 2014 began right after the Target breach, ended with the Sony Pictures breach, and featured numerous others (i.e., Home Depot, JPMorgan Chase, Staples, etc.) in between. Based upon the ESG research data, these and other events in 2014 may be the tipping point that escalated cybersecurity risk issues to corporate mucky-mucks on mahogany row.