Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //


// // //
08:05 AM
Larry Loeb
Larry Loeb
Larry Loeb

Security Spending Increasing, Along With Data Breaches

In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n

A recent survey of the worldwide security landscape is offering a glimpse into where the industry is headed, with spending increasing, along with the threat of data breaches ballooning as well.

The report, "The 2018 Thales Data Report -- Global Edition," conducted by 451 Research and commissioned by cloud and security vendor Thales eSecurity, gives some insights into where security is heading and what security pros should be on the lookout for as 2018 unfolds.

The report is based on surveys and interviews with 1,200 senior security executives from the US, UK, Germany, Japan, Sweden, the Netherlands, South Korea and India. These security professionals include those working in federal governments, retail, finance and healthcare. Of the 1,200, more than one third (34%) have "major" influences on security decisions, and nearly half (46%) have sole decision-making authority -- an influential group, to be sure.

In broad strokes, respondents report that security spending will increase this year. However, at the same time, data breaches have also increased. In the report, 78% of those surveyed report that they plan to increase IT security spending in 2018, up from 73% globally, in 2017. This includes nearly 86% of US-based organizations.

(Source: iStock)
(Source: iStock)

That increased spending is needed because nearly half (46%) of the US respondents reported a breach in the previous 12 months, nearly double the 24% that reported one last year. Over one third (36%) of global respondents reported the same sort of breach occurrences. (See Global Security Spending Will Top $96B in 2018 Report.)

These breaches have given rise to perceptions of being "very" or "extremely" vulnerable to security threats. The levels reported by the surveyed were 44% globally and 53% in the US. This compares with 30% globally and 29% in the US that the report found one year ago.

Compliance requirements have historically been the driver of IT security spending, but this report shows a change in what is driving this spending.

The top stimulus for security spending reported was the avoidance of financial penalties associated with data breaches -- 39% this year versus 35% last year -- along with increased use of the cloud -- about 39% globally.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The effectiveness of spending that was done also showed changes compared to last year. Securing data at rest (77% global) for the first time surpassed the effectiveness of network security, while endpoint security (64%) was dead last.

However, endpoint security has the highest rates for planned security spending increases (57% global and 65% in the US) while data-at-rest ranked last for spending increases globally (40%) and in the US (44%). This may be due to what is seen as being effective, with the least effective areas showing the need for the most increase in spending.

Still, perceptions of complexity may also come into play regarding data-at-rest, since it is the top barrier to adopting data security globally (43%) followed by concerns over performance which is a close second (42%).

Artificial intelligence seems to be a mixed bag for the respondents. (See AI Prepares for Security Spotlight.)

Two thirds of all respondents think AI techniques may enable an increased awareness and detection of attacks before they occur, but 43% also see increased breaches occurring because of AI-based hacking tools.

The Thales report is useful to security professionals because it shows changes in perceptions as they occur over time, whether or not the specific values represent the field as a whole. This year's study shows that security has gone past simple compliance boundaries, and moved into dealing with real-world breaches and the costs that they incur.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-10-01
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.
PUBLISHED: 2022-09-30
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end use...
PUBLISHED: 2022-09-30
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
PUBLISHED: 2022-09-30
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
PUBLISHED: 2022-09-30
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.