Enterprises are focusing on upskilling their IT security staff, according to a report by cybersecurity firm Kaspersky.

As enterprises increase their IT budgets, improving the expertise of internal cybersecurity specialists is one of the top priorities for organisations.

A majority of enterprises (44 per cent) have a security team within their wider IT department.

For 52 per cent of enterprises, cybersecurity is managed by a dedicated department, while only 20 per cent of companies of this size have an in-house Security Operation Center (SOC) responsible for continuous monitoring and responding to security incidents.

Yet, improving internal specialists’ expertise was listed as the second most important reason to increase the IT security budget over the coming years, the report said.

“Businesses, and large enterprises in particular, require skilled professionals to protect from ever-evolving cyberattacks. Combining IT and security functions within a single department can be convenient and speed up many processes to this end. However, this approach also contradicts the segregation of duties principle, as the same people would be responsible for both day-to-day IT initiatives as well as the evaluation of corresponding security risks,” the report said.

In addition to an SOC, 16 per cent said that they have dedicated threat intelligence teams and 14 per cent employ a dedicated malware analysis team, as per the report. .

“Despite the share of such dedicated units seeming quite small, the majority of organisations are ready to mitigate this by assigning a budget to upskill their IT security staff,” the report said.

Overall, 71 per cent of all businesses expect their IT investments to increase in the next three years. Among them, 41 per cent of enterprises are driven by a desire to improve internal specialists’ expertise, making it the second most common reason to increase the IT security budget.

Related Topics