The ITSM Saga (1). IT Department Challenges – Cybersecurity

For over 50 years, the role of IT departments in business has been constantly growing. Such units are now a vital part of ongoing operations and, at the same time, one of the main guarantors of operational stability. And that means effective responses to current problems and challenges – from cybersecurity to organizational ones.

Suffice it to mention that, according to Gartner’s Peer Insights (community poll) research, as many as 70% of respondents point to strategic thinking as the crucial skill of IT leaders.

In addition, it’s worth looking at worldwide numbers to emphasize the significance of a strategic approach to IT departments.

Worldwide IT Spending Forecast (millions of U.S. Dollars). Source:

IT budgets. Inevitable in numbers

Aberdeen's research suggests that global IT spending will reach $4.6 trillion in 2023. According to the State of IT Budgets survey, 66% of businesses expect to increase their year-to-year IT spending. Diving a bit deeper, we find that 75% of enterprises with 1000 or more employees say they are raising their IT budgets.

The paper mentioned above reports that, among organizations that modernized and adopted new technologies, 45% reported improved ROI for their IT investments.

And these are just simple data allowing us to see that the role of IT departments in business will constantly grow. Meanwhile, many challenges will persist, and new ones will emerge.


But before discussing the most common and expected ones, we should explain what IT Service Management (ITSM) is. Why? It’s the core and the best answer to all challenges and fears today’s businesses face.

What is ITSM (IT Service Management)?

In recent years, IT Service Management (ITSM) has become a popular idea in entrepreneurship, primarily in connection with the slowly fading concept of digital transformation.

ITSM is a structured approach and set of practices organizations use to efficiently design, deliver, manage, and improve their information technology services. It involves processes, tools, and methodologies to ensure that IT services align with the organization’s needs and goals while maintaining quality and compliance.

Put more precisely, ITSM is a framework that helps organizations manage their IT services effectively. It includes processes, tools, and strategies to ensure that IT supports the organization’s objectives and lets it operate smoothly while meeting quality and compliance standards.


So, almost every IT department is pivotal in driving business operations and innovation in today’s digital era. However, as we already stated, the digital realm has its share of formidable challenges – like cybersecurity – which demand proactive strategies and the proper framework for resolution. 

Now, let’s finally explore how organizations can navigate security challenges within IT Service Management (ITSM), aligning it with business needs.

Expected business challenges in 2024. Source: The State of IT,


Problems and challenges related to cybersecurity are permanent and increasingly multidisciplinary. This issue constantly evolves and thus requires continuous improvement of strategies, knowledge, tools, network monitoring methods, and employee education. Cybersecurity is also one of the most sensitive elements in the activities of IT teams and the company as a whole.

In other words, it refers to the practices of protecting computer systems, networks, data, and digital assets from various forms of cyber threats, attacks, and unauthorized access. The primary objective is to ensure confidentiality, integrity, and availability of information and technology resources.

Security tools

Above all, cybersecurity encompasses a significant range of measures and strategies aimed at safeguarding digital environments from potential risks, including:

  1. Malware Protection involves defending against malicious software (malware) such as viruses, worms, Trojans, and ransomware that can infiltrate systems and cause harm.
  2. Network Security aims to ensure the security of computer networks through practices like firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs).
  3. Data Protection secures sensitive data from unauthorized access or theft through encryption, access controls, and data backup and recovery plans.
  4. Identity and Access Management (IAM) is about managing and verifying user identities and controlling their access to digital resources, preventing unauthorized entry.
  5. Security Awareness and Training. Educating users and employees about cybersecurity best practices allows them to reduce the risk of human errors and social engineering attacks like phishing and many more.
  6. Incident Response includes developing plans and procedures to respond effectively to cybersecurity incidents, minimize damage, and recover quickly.
  7. Vulnerability Management. It identifies and addresses weaknesses or vulnerabilities in systems and software to prevent exploitation by attackers.
  8. Security Policies and Procedures. They establish and enforce security policies and protocols to guide safe and responsible behavior within an organization.
  9. Security Auditing and Compliance. The idea is to conduct regular audits to ensure compliance with industry regulations and standards and, at the same time, identify potential security gaps.
  10. Cybersecurity Monitoring and Threat Intelligence strive for continuous network traffic and systems monitoring for signs of suspicious activity. The goal is to stay informed about emerging threats through threat intelligence sources.
Simplified map of cybersecurity areas. Source:

The range of threats

Among many challenges in this field, the most common are:

Threat landscape

It requires constant awareness of new tactics and techniques for compromising systems and extracting sensitive data. In short, it represents the ever-changing risks and attack methods.

Data breaches

The problem harms the company’s finances and reputation, often leading to legal responsibilities. The main challenge is appropriately protecting sensitive data, including encryption, access management, and routine security evaluations.

The global average data breach cost in 2023 was $4.45 million (a 15% increase since 2020).


Phishing attacks

Phishing attacks are a prevalent cybersecurity threat involving misleading emails or websites to deceive individuals into divulging sensitive information. In other words, the main challenge for the IT department lies in educating employees, raising their awareness, and establishing proper filtering systems (among others).


Ransomware attacks encrypt data and demand decryption payments, causing business disruptions and data loss. IT departments must maintain regular data backups and develop response plans to minimize the impact.

In 2022, 493.33 million ransomware attacks were detected by organizations worldwide.


Patch management

Regularly updating software and systems with security patches is essential to prevent known vulnerabilities from being exploited. That is to say, IT departments should establish an effective patch management process for timely updates, no matter how obvious it may sound.


Employee training

Cybersecurity breaches continue to be significantly influenced by human mistakes. That requires regular cybersecurity training for the staff about identifying and effectively addressing security threats.

Network security

Securing the network infrastructure is of utmost importance. It includes setting up firewalls, deploying intrusion detection systems, and consistently assessing network configurations to identify and address potential vulnerabilities.

In addition, it won’t be anything new to say that growing traffic worldwide increases the potential risk of breaching network security. 

Internet crimes in the U.S., according to the FBI Internet Crime Report. Source:

Incident response

Possessing a clearly outlined incident response strategy is imperative. To clarify, IT departments should be ready to promptly identify, react to, and recover from security breaches. That encompasses isolating impacted systems, scrutinizing the breach, and informing relevant individuals or entities.

It takes companies 197 days to identify a breach and 69 days to contain one on average. Such a delay between infection, detection, and containment can cost businesses millions. On the other hand, companies that can contain a breach in less than 30 days save more than $1M compared to those closer to the average response time.

 — IBM


Numerous sectors come with distinct cybersecurity compliance mandates that companies must comply with. Therefore, IT departments should collaborate closely with legal and compliance teams to guarantee that the organization fulfills these responsibilities.

Security culture

Today, establishing a security culture within the organization is crucial yet challenging. That entails receiving leadership endorsement from the top down and instilling a collective sense of responsibility for safety among all staff members.

96% of executives treat cybersecurity resilience as the highest priority for the company.


The U.S. National Institute of Standards and Technology defines cyber resilience as:

Being able to withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.

How ITSM supports cybersecurity

ITSM originated as a set of best practices for managing IT services efficiently and aligning them with business needs. The focus was on incident management, change management, and service desk operations. However, as IT became increasingly integrated into business operations, the scope of ITSM expanded beyond operational efficiency to encompass broader organizational goals. This expansion naturally led to considerations about IT security.

The growing reliance on digital technology and the internet in the late 20th century brought new cybersecurity challenges with increasing frequency and severity.

ITSM practices began to incorporate security-related elements to address these emerging threats. The integration of cybersecurity into ITSM was motivated by several factors:

Standardized Procedures

ITSM promotes establishing standardized procedures for various IT and security-related tasks, ensuring they are consistently executed. These standardized processes are critical in cybersecurity as they reduce the risk of errors or oversights. The likelihood of overlooking essential security measures decreases when security-related procedures are well-defined and uniform.

Efficient Incident Response

Efficient incident response is a hallmark of effective cybersecurity. ITSM streamlines incident response workflows by providing a structured framework for reporting, tracking, and resolving security incidents. Consequently, that approach reduces the time required to detect, assess, and mitigate cybersecurity incidents. It ensures that security incidents are addressed promptly, minimizing their impact on the organization.

Access Control

Incident prevention makes effective user access management a fundamental aspect of cybersecurity. IT Service Management processes include access control mechanisms that ensure employees have appropriate access levels based on their roles and responsibilities. Likewise, proper access control reduces the risk of unauthorized system entry or data breaches. By managing user access effectively, organizations can prevent security breaches resulting from unauthorized access.

Access Management (ITIL approach). Source:

Change Management

Change management is essential for maintaining the security of IT systems. ITSM processes ensure that changes to IT systems, including security updates and patches, undergo proper assessment and implementation. As a result, that minimizes vulnerabilities arising from unpatched systems. Regular updates and changes are critical in keeping systems resilient against evolving cyber threats.

Risk Assessment Procedures

Cybersecurity risk assessment is a proactive approach to identifying and prioritizing cybersecurity risks. That is to say, ITSM can incorporate risk assessment procedures into its framework. These procedures enable organizations to assess potential threats, vulnerabilities, and their potential impact. Organizations can focus their resources on mitigating the most critical threats by identifying high-priority risks.

Compliance Management

ITSM can play a pivotal role in compliance management. It involves tracking and ensuring compliance with cybersecurity regulations and standards relevant to the organization’s industry. Consequently, compliance management reduces legal and financial risks associated with non-compliance. It ensures that the organization adheres to industry-specific cybersecurity requirements.

Training and Awareness

Employee security awareness is a vital component of cybersecurity. ITSM can support security awareness programs by tracking employee training and monitoring adherence to security policies. Regular training and awareness efforts are essential for creating a cybersecurity-conscious workforce capable of detecting and reporting security incidents.

Cybersecurity Awareness training for employees. Source: 

Continuous Improvement

ITSM encourages a culture of continuous improvement. In cybersecurity, this means organizations can adapt to evolving threats and enhance their security posture over time. By regularly reviewing and updating security procedures and controls, organizations can stay resilient against emerging cyber threats.

Resource Optimization

Efficient resource allocation is critical for effective cybersecurity. ITSM helps organizations allocate resources efficiently by identifying security priorities and ensuring that cybersecurity efforts receive appropriate funding and staffing. Such optimization ensures that the organization’s cybersecurity initiatives align with its risk profile and strategic objectives. Consequently, it requires proper documentation.


Experts consider documentation as a cornerstone of effective cybersecurity. Therefore, ITSM promotes the documentation of security policies, procedures, and incident reports. This documented information is invaluable during audits and investigations, providing a record of actions taken and helping organizations demonstrate compliance and respond effectively to security incidents.

While these points illustrate how the discussed methodology can enhance cybersecurity, the specific impact and statistics would depend on the organization’s implementation and adherence to ITSM practices.

If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.

— Richard Clarke


In conclusion, IT departments face ongoing and diverse challenges in the ever-changing digital landscape, with cybersecurity being the most prominent. As described earlier, this challenge encompasses threat awareness, data breaches, phishing, ransomware, patch management, employee training, network security, incident response, compliance, and cultivating a security culture.

However, to address the problems effectively, organizations should adopt IT Service Management (ITSM), a structured framework that aligns IT services with business needs. ITSM offers a set of standardized procedures for efficient incident response, access control, change management, risk assessment, compliance management, training, continuous improvement, resource optimization, and documentation.

It bears repeating that IT departments play a vital role in modern business operations and innovation. Their significance is constantly growing, and this trend will only become stronger and more demanding.

Above all, by implementing ITSM, organizations can better navigate cybersecurity challenges and enhance their security posture as they continue to invest in digital transformation. Addressing all cyber threats will ensure operational stability and security in the digital era.



Wojciech Andryszek

Content Specialist at Deviniti. Versatile and creative writer with experience in writing for science, medicine, IT, tech, and video production companies. Advanced in storytelling, B2B writing, screenwriting, and storyboarding. Reader with a restless mind.
