Ninety percent of security leaders believe their organization is failing to adequately address cybersecurity risk, according to a survey of information technology (IT) and security leaders.

The 2022 Security Priorities Study, released by Foundry (formerly IDG Communications), looks at the security-related priorities IT and security leaders are focused on now and in the near future. In its sixth year, the study shares insights into the security structure of organizations, perceived risks, continued challenges and investments being made to better secure organizations.

The survey found that 90% of security leaders think their organization is falling short in addressing cybersecurity risk. The surveyed cybersecurity leaders identified a number of challenges to addressing cyber risk in their organizations, including:

  • Difficulty convincing all or parts of the organization of the severity of risk
  • Inadequate resource investment in cybersecurity
  • Staffing shortages and talent retention issues
  • Not proactively addressing security enough

One way organizations are addressing cybersecurity risk is by allocating funds to security. In 2022, the average annual security budget is $65 million. For small businesses, however, the security budget has jumped to $16 million, from $11 million last year and $5.5 million in 2020. On average, large enterprises are seeing steady security budgets — $122 million this year compared to $123 million in 2021.

When asked which security-related challenges were most often forcing security executives to redirect their time, respondents stated meeting governance and compliance regulations, employee awareness and training, unanticipated business risks (last year’s top challenge), preparing for or addressing risks from cyber threats originating outside the organization, and budgetary constraints and demonstrating ROI.

For more report findings, click here.