Security Advisor

Study: Security Incident Rates Increase as Security Budgets Drop

IT's security spending is not keeping up with the reported 42.8 million security incidents in PwC's enterprise survey.

According to a recent IT enterprise poll, security incidents have jumped 48 percent in the last year. And while incidents have jumped dramatically, enterprise security spending has dropped 4 percent since 2013.

The findings, published today in a report by IT consultant firm PwC titled "The Global State of Information Security Survey 2015," come from a poll of 9,700 CEOs, CFOs and IT personnel from 154 countries conducted between March and May of this year. Those responding to the poll detected 42.8 million security incidents for the first half of the year in their enterprises, leading to an increased hit in the monetary losses department.

PwC's report found that the number of respondents reporting losses of more than $20 million has doubled since 2013 -- a statistic that the firm finds troubling. "It's not surprising that reported security breach incidents and the associated financial impact continue to rise year-over-year," said PwC's David Burg. "However, the actual magnitude of these breaches is much higher when considering the nature of detection and reporting of these incidents."

The leading cause of security incidents is employees, according to the report. Just as the number of incidents has risen, so have employee-responsible breaches, which increased from 31 percent last year to 35 percent this year. PwC found that insider threats end up being more costly than third-party attackers and that the majority of enterprises lack an "insider threat" component to their security plans.

And going by slashed IT budgets for security, it appears many enterprises won't be able to add an insider threat component. While the overall decline of 4 percent doesn't sound like a drastic reduction, the breakdown of the numbers by enterprise size is much more alarming. Companies with revenue less than $100 million (small-sized enterprises) actually saw a reduction in IT security spending by 20 percent.

With the rise of attacks against businesses of all sizes, a reduction of spending will only result in incidents costing more in the end, said PwC. "Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today's advanced attacks," said PwC Security Advisor Mark Lobel. "It's critical to fund processes that fully integrate predictive, preventive, detective and incident-response capabilities to minimize the impact of these incidents."

What shouldn't be a surprise is that with the decline in spending also comes a lack of overall security focus. PwC's study found that many organizations saw a drop in updating or supplementing their existing security strategies with "code-detection tools, monitoring and analysis of security intelligence, and intrusion-detection tools."

The full report (PDF) can be downloaded here.

About the Author

Chris Paoli is the site producer for and

