Tech firms that proactively root out security flaws are in high demand

Organizations are showing increasing enthusiasm for vendor transparency over security

According to a new survey, most organizations would prefer tech providers to be more proactive in securing their offerings.

Around three-quarters of IT security professionals (73%) said their organizations are more likely to purchase technology and services from companies that find, mitigate, and communicate security vulnerabilities proactively. 

The survey, conducted by Ponemon Institute and commissioned by Intel looked into what affects an organization’s security technology investment decision-making.

The study of IT security professionals in the US, UK, Europe, the Middle East, Africa, and Latin America, found that 76% of respondents believe it’s highly important their technology provider offers hardware-assisted capabilities to mitigate software exploits. 

The report found that 66% of those surveyed said it was highly important for vendors to have the “ability to identify vulnerabilities in its products and mitigate them.” However, only 46% of respondents said their current technology provider has this capability.

Nearly two-thirds (64%) of respondents said it’s highly important for their technology provider to be transparent about available security updates and mitigations. However, less than half (48%) of respondents say their technology providers have this capability.

The survey found that 74% of respondents said it’s highly important for their technology provider to apply ethical hacking practices to identify and address vulnerabilities in its products proactively.

The report said that of all the capabilities represented in this research, “the most important is the technology provider’s capability to apply ethical hacking practices to proactively identify and address vulnerabilities in its products and to provide ongoing assurance and evidence that the components are operating in a known and trusted state.”

The report also said organizations’ budgets are not sufficient to support a strong security posture. Eighty-six percent of respondents said their IT budgets were only adequate.

Other barriers to security deployment included interoperability (63%), installation costs (58%), system complexity (57%), vendor support hurdles (55%), and issues with scalability (53%).

When it comes to patching, only 30% of respondents said their organizations could patch critical or high-priority vulnerabilities in a week or less. On average, it takes almost six weeks to patch a detected vulnerability. These delays were due to human error (63%), the inability to take applications or systems offline to apply a patch (58%), or not having adequate visibility of affected systems across the organization (52%), the report found.

“Security doesn’t just happen,” said Suzy Greenberg, vice president, Intel Product Assurance and Security. “If you are not finding vulnerabilities, then you are not looking hard enough.”

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
SMBs urged to update software ahead of Black Friday
e commerce

SMBs urged to update software ahead of Black Friday

25 Nov 2021
US adds dozen Chinese tech companies to trade blacklist
Policy & legislation

US adds dozen Chinese tech companies to trade blacklist

25 Nov 2021
Fifth of UK security pros discriminated against in 2021
Careers & training

Fifth of UK security pros discriminated against in 2021

23 Nov 2021

Most Popular

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Flaw in Android phones could let attackers eavesdrop on calls
Google Android

Flaw in Android phones could let attackers eavesdrop on calls

26 Nov 2021