INTELLIGENT BRANDS // Enterprise Security

According to Vanta ’ s findings , only 9 % of the average UK company ’ s IT budget is dedicated to security . For companies of all sizes , limited risk visibility and resource constraints make it challenging to improve their security . Fewer than half ( 42 %) of UK organisations rate their risk visibility as strong . Meanwhile , 21 % have downsized IT staff and 62 % have either already reduced IT budgets or are planning to do so as they continue grappling with the challenging global economic environment .

Conducted by Sapio Research on behalf of Vanta , the State of Trust 2023 Report surveyed the behaviours and attitudes of 2,500 business leaders , including the 500 in the UK , as well as respondents across Australia , France , Germany and the US to understand the challenges and opportunities they ’ re facing when it comes to security and trust management .

The security improvement imperative

In an environment where customers want more insight into a company ’ s security practices , organisations are at an impasse . Two-thirds ( 67 %) say that customers , investors and suppliers are increasingly looking for proof of security and compliance . While 37 % provide internal audit reports and third-party audits and 39 % complete security questionnaires , one-in-eight ( 12 %) admit they don ’ t or can ’ t provide evidence when asked . That means UK companies are falling at the very first hurdle – costing them potential revenue and growth opportunities in new markets . Additionally :

• The average UK leader spends on average 7.5 hours per week – more than nine working weeks a year – on achieving security compliance or staying compliant .

• The two biggest barriers to proving and demonstrating security externally are a lack of staffing ( 33 %) and lack of automation to replace manual work ( 30 %).

• Only 10 % of UK businesses ’ IT budgets are dedicated to security , with one-inthree leaders saying their IT budgets are continuing to shrink .

• Identity and Access Management and data processing that doesn ’ t comply with regulations are the two biggest blind spots for UK organisations .

• Over half ( 57 %) are concerned that secure data management is becoming more challenging with AI adoption with

55 % saying that using Generative AI could erode customer trust .

The survey findings illustrate the vast differences experienced across time zones :

• UK leaders are more concerned with keeping up to date with evolving regulations than any other market .

• Germany has the strongest visibility into security risks of all markets , with 47 % saying they have ‘ strong ’ or ‘ very strong ’ sight of risks .

• 76 % of leaders in France say they need to improve security and compliance , the highest of all markets .

Automation and Generative AI are top of mind for IT and business decision-makers , with 78 % of UK business leaders already or planning to use AI / ML to detect high risk actions . But the risks of Generative AI without guardrails can ’ t be denied . For larger organisations , nearly sixin-10 ( 56 %) leaders say regulating AI would make them more comfortable when it comes to investing in it . p

70 INTELLIGENTCIO EUROPE www . intelligentcio . com