Three in four companies are more likely to buy technologies and services from providers that prioritize cybersecurity, a new study said.
Paradoxically, 48 percent work with technology providers that don’t have the capabilities to find, mitigate and communicate security vulnerabilities in their products, Intel said, citing data gleaned from a global survey of 1,875 employees knowledgeable about their organization’s IT infrastructure, security technologies and services purchasing.
A macro finding from the study, entitled The Role of Transparency and Security Assurance in Driving Technology Decision-Making, reflected the importance of technology providers being transparent and proactive in helping organizations manage their cybersecurity risks. Roughly two in three of the respondents said it is very important for their technology provider to adapt to a changing threat landscape. However, the data show that more than half (54%) of respondents said their technology providers don’t offer this capability.
In the study, Intel segmented the characteristics of the ideal technology provider into three categories: security assurance, innovation and adoption. Here are some of the findings for security assurance rated highly important (by % of respondents):
- 66%: Ability to identify and mitigate vulnerabilities in their own products.
- 64%: Ability to be transparent about security updates and available mitigations.
- 71%: Ability to offer ongoing security assurance and evidence that the components are operating in a known and trusted state.
- 74%: Apply ethical hacking practices to identify and address vulnerabilities.
- 79%: Protecting customer data from insider threats is highly important.
- 76%: Hardware-assisted capabilities to defend against software exploits are highly important.
- 72%: Protecting distributed workloads is highly important.
- 63%: Interoperability is the top factor influencing the deployment of security.
- 58%: Installation costs, along with system complexity issues (57%), vendor support issues (55%) and scalability issues (53%), are top factors.
Additional takeaways include:
- Improving the ability to deal effectively with a data breach or cyber attack is the top goal of the IT function.
- Organizations’ IT budgets are insufficient to support a strong security posture. 86% of respondents said their IT budget is only adequate.
- Responsibility for security is still uncertain across organizations. While 21% of respondents said the security leader (CISO) should be responsible for IT security objectives, 19% believe it is the CIO/CTO and 17% think it’s the business unit leader’s responsibility.
Building security and privacy into products from concept to retirement helps customers understand the security posture of their IT providers, said Suzy Greenberg, Intel Product Assurance and Security vice president. “Security doesn’t just happen. If you are not finding vulnerabilities, then you are not looking hard enough,” she said.