Security & Compliance Blog

Highlights from the 2017 Forbes Insights and BMC Security Survey

Bill Berutti


2016 was a year of surprises.  The continued growth of hacking incidents with their devastating trail of destruction was among the more shocking developments.  It brought cybersecurity concerns to the center of every conversation.  Many an IT executive has suffered sleepless nights as they tried to figure out how they could protect their organization and their customers while delivering rapid innovation across an intricate web of scenarios.

At BMC, we are helping our customers evaluate their current security posture, so they can identify strengths and weaknesses in their ability to prevent, detect, and respond to threats.   We then help them build out a plan to begin their journey towards a more modern set of tools and processes that can provide the scale, flexibility, and agility they need in the digital era.  Part of our commitment to this endeavor is to partner with industry experts to discuss what is working and what’s not so we can push the thinking on how to solve these problems that no one can afford to ignore.

Today we are releasing the 2nd Annual Security survey done with Forbes Insights titled “Enterprises Re-Engineer Security in the Age of Digital Transformation.”  Over 300 senior executives were surveyed to examine how organizations continue to evolve and invest to protect themselves and their customers. Below are some highlights of our findings:

69% say digital transformation is forcing changes to security strategies

Unsurprisingly, digital transformation is one of the leading causes of disruption in security practices.  Sean Pike of IDC said “The key word here is ‘distributed.’ We have distributed workloads, distributed office environments, employees who are distributed, devices that are distributed…As a result, data is constantly flowing in and out of organizations, which in turn means enterprises must protect data wherever it is at any time.”  As we go into 2017, organizations are going to have to prioritize data protection practices and policies.

64% will boost spending to protect against known security threats

Protect yourself against known threats. It seems fairly obvious, but it’s harder than it sounds for most organizations. The scale, complexity, and speed that organizations are coping with make addressing known vulnerabilities a challenge. As a result, 43% will make timely patching and remediation a higher priority in 2017. The good news for organizations in this group is that patching and remediation tools are regarded as those with the highest ROI.

68% plan to enhance incident response capabilities in the next 12 months

Once you protect yourself from the known, you move to the unknown.  Given the myriad ways that hackers penetrate organizations, it’s all but impossible to be breach-proof.  With this in mind, organizations need to focus on how they identify issues quickly, limit damage, and respond effectively.  “Here’s the reality: your organization doesn’t get bad press because you let bad guys into your network. It’s because of what they stole once they broke in,” says Paul Lewis, chief technology officer for Hitachi Data Systems. A strong guiding principle is that enterprises should avoid as many incidents as possible by eradicating the known risks with systematic and effective execution.  This frees up resources to work unexpected issues, while giving them a rapid execution model to deploy changes.

Operations teams are seeing heightened accountability for security breaches

Who is accountable?  It’s a key question in any organization.  In last year’s survey we explored the relationship between security and operations teams and found that most executives felt that a tighter relationship between them would improve the security of the organization.  Over the past year, operations teams have seen an increase in accountability for security.  Specifically, the operations team is now evaluated against their ability to apply patches for known vulnerabilities within established service level agreements with the security team.

Are you ready for 2017?

At BMC we are committed to continuing to innovate and to helping organizations protect themselves against attacks. The bottom line is that the frequency and severity of attacks will continue to rise until something significant is done. The time for action is now.


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.


About the author

Bill Berutti

Bill Berutti is the President, Cloud Management/Data Center Automation and SVP, ESO Group Operations for BMC Software, Inc. Prior to joining BMC, Berutti was a member of the management team at PTC where he was executive vice president of the Service Lifecycle Management (SLM) business unit, the company’s fastest growing business. As general manager of SLM, Berutti doubled the size of the business over two years through both organic and acquired growth. Berutti holds a bachelor of science in business administration from Miami University in Oxford, Ohio, and he is a graduate of Harvard Business School’s Finance for Senior Executives program.