BAE Systems Survey: “50% of IT decision-makers say budget is Top Three barrier to network security”

In a time where network security is critical for company survival, IT professionals have to deal with many challenges when it comes to protecting their organisation’s networks. 50% say budget is a bottleneck in the way of achieving their objective. That’s according to survey results released by BAE Systems Applied Intelligence. The findings shed light on barriers preventing companies from developing and implementing comprehensive security plans.

Conducted by Spiceworks*, the survey results include responses from 400 IT decision-makers in the UK and the US. The intention of the survey is to help understand the technology stack and behaviours that organisations are currently using, and their preferences for how to tackle their current challenges.

The time spent on network security is critical for both IT professionals and the organisations they serve. The average IT professional spends a quarter of his or her own time just on security policy management, with around 40% of the team devoted to security policy management. However, budget constraints are limiting the use of new strategies, technologies and implementation practices to make this vital foundational layer more efficient, provide greater visibility and manage change as a network grows.

The research indicates that the greatest network security challenges facing IT professionals are:

*Difficulty in simulating the impact of changes

*Ensuring that network security policy is being implemented as intended

*The time taken to update policy on all required devices

65% of respondents face difficulties in at least one of these areas.

Bottlenecks to objective achievement

The research found that staffing is another clear bottleneck for IT teams at organisations. As businesses implement security strategies, appropriate staffing must be considered for the best chances of optimal network security. Furthermore, the issue of the skills gap arises in this finding. As many as 35% of organisations lack employees who have an adequate skill set to do the required job.

A variety of factors account for security team bottlenecks. 50% of organisations are limited by a lack of available budget to do the actual work. 45% of respondents stated that achievements are not a high enough priority for the overall business. Notably, 51% of organisations questioned in the survey are unable to achieve their objectives due to requiring different tools from different vendors, or simply a lack of staff overall.

Gaps in budget and operational resources

Richard Wilding, director of new ventures and innovation at BAE Systems Applied Intelligence, said: “The findings of the survey reveal a great deal of insight into the decision-making process for IT professionals. Perhaps the most alarming finding is the clear gaps in budget and operational resources that limit development of advanced security strategies as well as the implementation practices needed to protect business operations. With a greater focus on network security policy management from the executive level down, operations can take advantage of the newest tools and strategies that exist to make policy management that much more automated, more efficient and  ultimately  more manageable.”

In response to the research, BAE Systems is exploring a new technology which provides greater visibility of the network. Known as Idrisi, the solution helps teams in mid-sized businesses understand what’s on their network and how they can improve their network security.

Idrisi’s Simulation Engine provides a risk score and recommendations for improvement, in turn allowing businesses to focus on the highest priority areas of their networks. To find out more register at

Methodology for the survey

*For the purposes of the study, Spiceworks surveyed IT decision-makers through online research. A total of 400 respondents (300 in the US and 100 in the UK) took the 12-minute online survey.

Respondent Qualification Criteria The IT decision-makers were required to work at organisations with 100-plus employees. These IT professionals are involved in the decision-making process for network/security solutions at their organisation and employ security solutions that produce alerts.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts