12 June 2023

Organisations have greater understanding of IT vulnerabilities but struggle with capacity

Solvinity survey shows that organisations are prioritising security better, but lack of capacity is a concern

Amsterdam, 15 May 2023 — Organisations have a better understanding of the vulnerability of their IT environment and are taking targeted measures to improve it. At the same time, lack of capacity in terms of security personnel is a considerable challenge for many organisations. This is according to new security survey from Solvinity: ‘Smarter Security 2023’.

Smarter Security 2023 is a follow-up to previous survey by Solvinity in 2020. At the time, organisations hadn’t yet fully grasped the importance of security, so they had limited understanding of vulnerabilities, hence overestimating their resilience. Since then, organisations seem to have woken up, partly due to ransomware incidents that have been widely highlighted in the media in recent years.

Security starts with insight

If you don’t know where your vulnerabilities lie, you can’t protect yourself. Good news, then, that 69.7% of respondents said they had a precise insight into the vulnerabilities of their IT infrastructure and had taken targeted security measures. This is a significant increase compared to 49% in 2020.

“For years, vulnerability management was seen as a nice-to-have,” says Marc Guardiola, CTO at Solvinity. “It’s good to see more respondents conclude that it is a must-have. At the same time, almost one in three organisations haven’t yet got it right. So, there is still a bit of room for improvement.”

"Ongoing scanning and testing of security is needed in today's rapidly changing IT landscape." 

Security testing still stuck on audits

The survey also asked about the testing methods organisations use to test their security. Audits (55%) stand out head and shoulders among the answers. 41.9% have this done by qualified bodies.

But audits aren’t foolproof, and an awful lot can happen between audits. “You have to be confident that you have your security issues in order at all times,” says Guardiola. “Audits aren’t sufficient for this purpose. Ongoing scanning and testing of security is needed in today’s rapidly changing IT landscape.”

Less capacity to protect

Capacity shortage is a common theme throughout the survey results. For example, more than one in five (22.2%) of respondents say there is insufficient capacity to perform patching, compared with 16% in 2020. For 42.1%, bringing in enough talent is a top priority to keep the organisation safe in the future.

Legacy on-premises infrastructures also consume a lot of IT capacity, as they involve a lot of manual work. Yet, 22.4% of IT professionals still operate with this type of environment. In addition, 40.2% work with hybrid cloud, where – especially in the private part – there may also be a lot of legacy. In contrast, public and (outsourced) private cloud environments offer much better opportunities for automation. This can free up much-needed capacity – provided the right knowledge is applied. “I am a big proponent of cloud, but I’m also aware that this requires specialist knowledge.. Not only in order to keep costs under control. But also because security has to be properly addressed in the cloud from the beginning,” Guardiola concludes.

​​​You can find more insights and clarification in the full report.

About the study
PanelWizard conducted survey for Solvinity in March 2023 among over 400 IT professionals working at Dutch organisations with more than 200 employees. 

Download the Smarter Security survey report

Want to know more about effective cyber security measures, the different methods of security testing and IT budget allocation?

Then download the survey report now!

Other articles