Despite growing cybersecurity threats like ransomware and the importance of technology to modern business functions, IT professionals say it remains difficult for company management to prioritize IT, according to a survey from online IT community Spiceworks.
The survey, the “2017 Tech Career Outlook,” was unveiled at the SpiceWorld 2016 IT Conference in Austin, Texas, and found that a solid majority (55 percent) of IT pros believe that getting management to understand the importance of IT priorities is going to be their biggest challenge next year.
Fully 53 percent of respondents said that getting business leaders to approve or fund important IT projects will be their most challenging task, and an equal percentage said that ensuring that corporate data is safe from security threats will be their most daunting task. And 47 percent said keeping IT infrastructure up to date will be their biggest challenge in 2017.
Making IT a Priority
Why is there is so much resistance to prioritizing and funding IT? Peter Tsai, an IT analyst with Spiceworks, told BizTech that although perceptions are starting to shift, many business leaders still see IT as a “cost center” that does not add value to the business — but instead is just a drain on cash.
Business leaders with technical backgrounds or ones who deal with IT day-to-day — such as CIOs, chief technology officers, or even some CEOs — are more likely to place a priority on IT than CFOs, chief marketing officers or those involved in marketing/sales, Tsai said.
Those users are likely not following best practices for cybersecurity and are installing shadow IT, Tsai said. “They are not investigating how secure certain applications they want to use are,” he added.
What can be done? “If you have someone in charge who understands and prioritizes security, they can push that down to others. It will get better over time,” he said, noting that users at all corporate levels are being bombarded with stories about data breaches and cyberattacks, and that higher level of awareness is becoming part of the culture.
According to a separate Spiceworks survey, 60 percent of all IT buyers expect their company’s revenue to jump ahead in 2017, but respondents also expect IT budgets to be flat next year.
What do IT pros have to overcome besides a lack of money? Tsai said it’s a lack of time, as most IT pros self-report that they are overworked. That’s especially true for small companies, where the IT staff may be a staff of one.
“They have all of these different priorities that they have to chase,” Tsai said, adding that getting end users to understand security risks is always a challenge. He also noted that many users “just want to get things done as fast as possible without worrying about the security implications,” and want to use software the way they do at home.
What can help make IT more of a priority? Companies need to change their policies and procedures and get more people to understand the importance of technology and data security, Tsai said. He added that some companies have issued warnings to users (with corresponding consequences) if they don’t secure their notebooks or data.
Companies Hesitant to Invest in Cybersecurity Training
According to the survey, IT security/cybersecurity skills top the list of most important IT skills, with 95 percent of IT pros saying they’re necessary for IT success in 2017.
Cybersecurity professionals are in high demand, and there is a widespread perception that there are not enough qualified cybersecurity pros. Additionally, 55 percent of organizations do not currently employ or contract a cybersecurity expert, according to Spiceworks.
Another Spiceworks survey conducted earlier this year found that companies are generally hesitant to invest in cybersecurity training for their employees. Fully 57 percent of respondents said their employers are somewhat open to spending on training, but it takes some convincing to get them to do so.
However, 19 percent of organizations are not open to paying for an employee's IT training, leaving IT pros to pay for it themselves.
Just 18 percent of employers are very open to spending and encourage employees to pursue cybersecurity training, with an additional 6 percent of employers being extremely open and having already made investments.
Tsai said this is often due to a lack of funding or a desire to fund training on a case-by-case basis. He also said many in upper management do not understand why IT is so critical and how IT security contributes to a company’s bottom line.
There are many pitfalls to a lack of resources and training devoted to cybersecurity, Tsai said. A lack of understanding of what companies need to do protect themselves can have dire consequences: inadequate training, poor education and users falling for phishing scams or leaving data unsecured. “There are just so many different things that can go wrong,” Tsai said.
If companies do not properly train their employees the risk is greater that confidential information will be divulged or that systems will be compromised, Tsai added. That can mean financial losses or a damaged reputation, he said.
Technology investment alone cannot ensure cybersecurity, Tsai said. “Sometimes people want a magic wand or magic bullet,” Tsai said. “The reality is that security is dependent on everyone — every single person at the company, understanding the risk and knowing the best practices.”