Security Advisor

Study: Security Incident Rates Increase as Security Budgets Drop

IT's security spending is not keeping up with the reported 42.8 million security incidents in PwC's enterprise survey.

According to a recent IT enterprise poll, security incidents have jumped 48 percent in the last year. And while the incidents have dramatically jumped up, enterprise security spending has dropped 4 percent since 2013.

The findings, published today in a report by IT consultant firm PwC titled "The Global State of Information Security Survey 2015," polled 9,700 CEOs CFOs and IT personnel from 154 countries over a period between March and May of this year. Those responding to the poll detected 42.8 million security incidents for the first half of the year in their enterprises, leading to an increased hit in the monetary losses department.

PwC's report found that those respondents reporting losses of more than $20 million has doubled since 2013 -- a statistic that the firm finds troubling. "It's not surprising that reported security breach incidents and the associated financial impact continue to rise year-over-year," said PwC's David Burg. "However, the actual magnitude of these breaches is much higher when considering the nature of detection and reporting of these incidents."

The leading cause of security incidents come from the employees, according to the report. Just as the number of incidents has risen, so have the employee-responsiblebreaches, which increased from 31 percent last year to 35 percent this year. PwC found that insider threats end up being more costly than third party attackers and that the majority of enterprises lack an "insider threat" component to their security plans.

And going by slashed IT budges for security, it appears many enterprises won't be able to add an insider threat component. While the overall decline of 4 percent doesn't sound like a drastic reduction, breaking out the numbers based on enterprise sizes are much more alarming. Companies with revenue less than $100 million (small-sized enterprises) actually saw a reduction in IT security spending by 20 percent.

With the rise of attacks against businesses of all sizes, a reduction of spending will only result in incidents costing more in the end, said PwC. "Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today's advanced attacks," said PwC Security Advisor Mark Lobel. "It's critical to fund processes that fully integrate predictive, preventive, detective and incident-response capabilities to minimize the impact of these incidents."

What shouldn't be a surprise is that with the decline in spending also comes with a lack of overall security focus. PwC's study found that many organizations saw a drop in updating or supplementing their existing security strategies with "code-detection tools, monitoring and analysis of security intelligence, and intrusion-detection tools."

The full report (PDF) can be downloaded here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

  • How To Dynamically Lock Down an Unattended Windows 10 PC

    One of the biggest security risks in any organization happens when a user walks away from their PC without logging out. Microsoft has the solution (and it's not a password-protected screensaver).

  • First Stable Chromium-Based Microsoft Edge Browser Released

    Microsoft on Wednesday announced the first release of its Chromium-based Microsoft Edge browser at the "stable" commercial-release stage.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.