Security Spending Increasing, Along With Data Breaches

A recent survey of the worldwide security landscape is offering a glimpse into where the industry is headed, with spending increasing, along with the threat of data breaches ballooning as well.

The report, "The 2018 Thales Data Report -- Global Edition," conducted by 451 Research and commissioned by cloud and security vendor Thales eSecurity, gives some insights into where security is heading and what security pros should be on the lookout for as 2018 unfolds.

The report is based on surveys and interviews with 1,200 senior security executives from the US, UK, Germany, Japan, Sweden, the Netherlands, South Korea and India. These security professionals include those working in federal governments, retail, finance and healthcare. Of the 1,200, more than one third (34%) have "major" influences on security decisions, and nearly half (46%) have sole decision-making authority -- an influential group, to be sure.

In broad strokes, respondents report that security spending will increase this year. However, at the same time, data breaches have also increased. In the report, 78% of those surveyed report that they plan to increase IT security spending in 2018, up from 73% globally, in 2017. This includes nearly 86% of US-based organizations.

(Source: iStock)

That increased spending is needed because nearly half (46%) of the US respondents reported a breach in the previous 12 months, nearly double the 24% that reported one last year. Over one third (36%) of global respondents reported the same sort of breach occurrences. (See Global Security Spending Will Top $96B in 2018 – Report.)

These breaches have given rise to perceptions of being "very" or "extremely" vulnerable to security threats. The levels reported by the surveyed were 44% globally and 53% in the US. This compares with 30% globally and 29% in the US that the report found one year ago.

Compliance requirements have historically been the driver of IT security spending, but this report shows a change in what is driving this spending.

The top stimulus for security spending reported was the avoidance of financial penalties associated with data breaches -- 39% this year versus 35% last year -- along with increased use of the cloud -- about 39% globally.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The effectiveness of spending that was done also showed changes compared to last year. Securing data at rest (77% global) for the first time surpassed the effectiveness of network security, while endpoint security (64%) was dead last.

However, endpoint security has the highest rates for planned security spending increases (57% global and 65% in the US) while data-at-rest ranked last for spending increases globally (40%) and in the US (44%). This may be due to what is seen as being effective, with the least effective areas showing the need for the most increase in spending.

Still, perceptions of complexity may also come into play regarding data-at-rest, since it is the top barrier to adopting data security globally (43%) followed by concerns over performance which is a close second (42%).

Artificial intelligence seems to be a mixed bag for the respondents. (See AI Prepares for Security Spotlight.)

Two thirds of all respondents think AI techniques may enable an increased awareness and detection of attacks before they occur, but 43% also see increased breaches occurring because of AI-based hacking tools.

The Thales report is useful to security professionals because it shows changes in perceptions as they occur over time, whether or not the specific values represent the field as a whole. This year's study shows that security has gone past simple compliance boundaries, and moved into dealing with real-world breaches and the costs that they incur.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.