IT Security is a topic that won’t be going away, however, it's also an area that many organisations choose to push aside as a key priority.

Joining a recent breakfast conversation with ARN Exchange, IT industry leaders unpacked the challenges and opportunities that exist when it comes to delivering data security.

The IT industry is booming and continues to grow year on year.

IT Security is one area that increasingly attracts discussion; however, it is also an area that often isn’t granted a large proportion of budget spend by organisations.

Mark IIes, an Industry Expert working for Tech Research Asia discussed research findings that show approximately 3-5% of the average spend of an organisations IT budget goes towards security. A very small percentage considering the risk organisations face if they were to experience an attack.

More positive signs are the findings that close to 90% of enterprises are planning to spend more on security in the next 12 months. With almost 80% of organisations believing their cybersecurity effectiveness is falling, there exists an opportunity for the IT industry to educate the enterprise sector on the importance of directing a larger portion of budget towards data security.

The Notifiable Data Breaches Scheme

Since the Notifiable Data Breaches (NDB) Scheme was enacted last year, the number of reported data breaches has significantly increased. Findings from the most recent Financial Year (June 2018 until 31 March 2019) identified there to be 722 data breaches reported. A far greater number than breaches reported in years earlier under the Voluntary Scheme.

The NDB Scheme is in place to set out obligations for notifying affected individuals and the Australian Information Commissioner about a data breach that is likely or could cause harm to those affected. If people place trust in organisations with their data, the NDB scheme exists to ensure there is no misuse of customer information and important details.

So, if one of the greatest risks to an organisation is a data breach then why are so many enterprises choosing not to engage inadequate security measures?

Unpacking Security Challenges and Opportunities

There are many challenges when it comes to dealing with IT Security – one of the biggest discussed at ARN Exchange is the gap that exists between IT expertise knowledge and a company’s executive team.

In numerous cases, there is an obvious disconnect between those who sit on the board and have a say in company spending, compared with the IT experts who can provide adequate security information.

However, with this challenge comes opportunity. Education by industry experts is key as this disconnect can be overcome through greater knowledge. The opportunity lies in changing the outlook of executives and decision-makers who may not understand the extent of IT security or its importance.

Another question that often gets asked is whether organisations will avoid buying into security until a cyber-attack or data breach occurs.

We hear and read about large scale data breaches affecting big companies – and often many organisations shrug it off as not relevant or threatening to their small operation. But this isn’t the case and being a small company definitely doesn’t safeguard you from being a target.

Do organisations really have to wait until they are affected to take action? The answer should be no – and that’s why industry experts and partners need to successfully educate leaders.

It all begins with painting the broader picture of how the security architecture of one’s business works to safeguard their entire operation. Fear-mongering by mainstream media may start the conversation, but education needs to come first.

The final opportunity discussed exists for Managed Service Providers (MSPs). It’s no surprise that the demand for managed security offerings will continue to grow year on year. There exists a lot of opportunity for the managed market with 50% more enterprises looking to engage with a security partner in the next 12 months.

The ethics of an MSP exist as a critical opportunity. Finding an MSP that stays clear of boxed solutions, instead of focusing on tailoring to specific customer needs will remain paramount.  If your organisation is engaging in discussions with an MSP on security options, one of the most important considerations is the extent to which security solutions are being created to meet the specifics of your business.

Working with industry experts who can provide the knowledge needed to convey the facts is key. Security is complicated in its nature and having a third-party provider with the expertise to educate you is important.

Whether you’re an industry expert or an organisation looking to adopt better IT security practices – the world of IT is always evolving. Understanding why security needs to be a priority is only the beginning and enacting change through education is what needs to follow.