Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Threat of fines, not FUD, drives board decisions on cybersecurity spend

budget-enews
October 8, 2020

Thycotic, provider of privileged access management (PAM) solutions, released its CISO Decisions survey, an independent global study1 that examines what most influences the Board to invest in cybersecurity and the impact this has on CISO decision-making. 

Based on findings from more than 900 global CISOs/Senior IT decision-makers, the research shows Boardroom investments in cybersecurity are most commonly the result of an incident or fears of compliance audit failure. Because of this, the research shows more than half, 58 percent, of respondents say their organizations plan to add more towards security budgets in the next 12 months. 

There are positive signs that Boards are stepping up with investment. More than three quarters (77%) of respondents have received Boardroom investment for new security projects either in response to a cyber incident in their organization (49%) or through fear of audit failure (28%). With financial penalties for GDPR now totaling EUR 175 million, almost a quarter of respondents (23%) believe that compliance or threats of fines are the most effective way to persuade Boards to invest in cybersecurity.  

COVID-19 Drives More Security Investment

Amid growing cyber threats and rising risks through the COVID-19 crisis, CISOs report that boards are listening and stepping up with increased budgets for cybersecurity, with the overwhelming majority, 91 percent agreeing that the Board adequately supports them with investment. Almost 3-in-5 believe that in the next financial year they will have more security budget because of COVID-19.   

CISO Challenges Still Exist

However, CISOs have their work cut out to gain the Board’s support. Almost two fifths (37%) of participants’ proposed investments were turned down because the threat was perceived as low risk or because the technology had a lack of demonstrable ROI. One third (33%) believe senior management does not comprehend the scale of threats when making cybersecurity investment decisions.

CISOs Think Strategically But Invest Tactically

CISOs’ own approaches to buying decisions are forward looking as they try to keep up with industry developments and their sector peers. An overwhelming majority (75%) say they want to try out innovative new tools. However, in practice, they are guided by their industry peers, with almost half (46%) benchmarking their buying decisions against other companies in their sector. This may lead CISOs to err on the side of proven known technology rather than trying something new.

“Our study clearly shows that before CISOs’ can pursue technology innovation they must first educate their stakeholders about the value of cybersecurity,” said James Legg, CEO at Thycotic. “Securing Boardroom investment requires them to strike a delicate balance between innovation and compliance.”  

This balance is discernible in the way decision-makers describe their organization’s risk profile. Almost half of respondents view their organization as ‘in the pack’ (45%) and only a third consider their companies to be ‘pioneers’ (36%), embracing new technology advancements. Only 17 percent think their business has its finger on the pulse, prioritizing investments according to the latest security threat. 

“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value,” said Terence Jackson, CISO at Thycotic. “There are some encouraging signs, particularly in APAC where ROI is a leading factor in security investment decisions.”

“However, there is still some way to go,” he continued. “The fact that Boards mainly approve investments after a security incident, or through fear of regulatory penalties for non-compliance, shows that cybersecurity investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry’s ability to keep pace with the cybercriminals.”  

1 Thycotic’s CISO Decisions survey was conducted among 908 Senior IT security decision-makers working within organizations with 500+ employees. The interviews were conducted online by Sapio Research in August 2020 using an email invitation and an online survey.

Thycotic Infographic

KEYWORDS: budget cuts cyber security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Cybersecurity
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • tap to pay device

    The rising threat of cybersecurity for retailers

    See More
  • AI-powered phishing

    Combating the rising threat of AI-powered phishing attacks

    See More
  • Cyber Liability Insurance: Moving from Insurance to Assurance; cyber security news

    How to protect businesses against the threat of ransomware attacks and the role of cyber insurance

    See More

Related Products

See More Products
  • threat and detection.jpg

    Surveillance and Threat Detection

  • Security of Information and Communication Networks

  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing