IT security budgets drop, despite the rise in the number of attacks
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!Tweet Share on Twitter.
October 1, 2014
According to a new report by management consultants PwC, information security budgets are dropping despite a continued rise in the number of hacking attacks.
To be sure, detected security incidents grew 66.3 percent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "Global State of Information Security Survey of 2015".
The estimated reported average financial loss from cybersecurity incidents was $2.7 million, a 34.7 percent increase over last year, PwC warns.
But despite the recent increase in the flurry of attacks, the survey also revealed that global information security budgets actually dropped 4.1 percent when compared with 2013.
Security spending as a percentage of IT budget has remained "stalled at about 3.5 to 4 percent or less" since October 2009.
“Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today’s advanced and more complex cyberattacks,” said Mark Lobel, a PwC advisory principal focused on information security in the enterprise segment.
“It’s critical to fund processes that fully integrate predictive, preventive and incident-response capabilities to minimize the impact of these events,” he added.
David Robinson, chief security officer at Fujitsu U.K./Ireland, expressed some surprise at the drop in actual spending, as over the "last few months we have seen a huge amount of data security breaches so it's really shocking to hear that cyber security budgets are actually falling when instead they should be going up substantially."
"The threat facing every organization on the globe is very real and also extremely difficult to combat, so they can no longer afford to make errors when it comes to cyber security," he concluded.
Darren Anstee, director of internet security solutions and cyber architects at DDoS mitigation firm Arbor Networks, was also very surprised, arguing the importance of internet security needs to be sold to executive boards first and foremost.
Rather than security managers failing to make a business case for additional security tools and service, the drop in IT security budgets is more a sign that the required dialogue is not happening effectively, he added.
"Businesses need to look closely at the various risks they face, and the potential associated costs, so that the value of internet security spending is appreciated throughout the entire management chain, all the way to the executive board level. By investing in the appropriate solutions, training and processes, organizations can minimise their risk, and reduce the longevity and cost of any security breach," Anstee said.
Source: PwC Security Consultants.
Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!