Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //


// // //
08:05 AM
Larry Loeb
Larry Loeb
Larry Loeb

Security Spending Increasing, Along With Data Breaches

In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n

A recent survey of the worldwide security landscape is offering a glimpse into where the industry is headed, with spending increasing, along with the threat of data breaches ballooning as well.

The report, "The 2018 Thales Data Report -- Global Edition," conducted by 451 Research and commissioned by cloud and security vendor Thales eSecurity, gives some insights into where security is heading and what security pros should be on the lookout for as 2018 unfolds.

The report is based on surveys and interviews with 1,200 senior security executives from the US, UK, Germany, Japan, Sweden, the Netherlands, South Korea and India. These security professionals include those working in federal governments, retail, finance and healthcare. Of the 1,200, more than one third (34%) have "major" influences on security decisions, and nearly half (46%) have sole decision-making authority -- an influential group, to be sure.

In broad strokes, respondents report that security spending will increase this year. However, at the same time, data breaches have also increased. In the report, 78% of those surveyed report that they plan to increase IT security spending in 2018, up from 73% globally, in 2017. This includes nearly 86% of US-based organizations.

(Source: iStock)
(Source: iStock)

That increased spending is needed because nearly half (46%) of the US respondents reported a breach in the previous 12 months, nearly double the 24% that reported one last year. Over one third (36%) of global respondents reported the same sort of breach occurrences. (See Global Security Spending Will Top $96B in 2018 Report.)

These breaches have given rise to perceptions of being "very" or "extremely" vulnerable to security threats. The levels reported by the surveyed were 44% globally and 53% in the US. This compares with 30% globally and 29% in the US that the report found one year ago.

Compliance requirements have historically been the driver of IT security spending, but this report shows a change in what is driving this spending.

The top stimulus for security spending reported was the avoidance of financial penalties associated with data breaches -- 39% this year versus 35% last year -- along with increased use of the cloud -- about 39% globally.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The effectiveness of spending that was done also showed changes compared to last year. Securing data at rest (77% global) for the first time surpassed the effectiveness of network security, while endpoint security (64%) was dead last.

However, endpoint security has the highest rates for planned security spending increases (57% global and 65% in the US) while data-at-rest ranked last for spending increases globally (40%) and in the US (44%). This may be due to what is seen as being effective, with the least effective areas showing the need for the most increase in spending.

Still, perceptions of complexity may also come into play regarding data-at-rest, since it is the top barrier to adopting data security globally (43%) followed by concerns over performance which is a close second (42%).

Artificial intelligence seems to be a mixed bag for the respondents. (See AI Prepares for Security Spotlight.)

Two thirds of all respondents think AI techniques may enable an increased awareness and detection of attacks before they occur, but 43% also see increased breaches occurring because of AI-based hacking tools.

The Thales report is useful to security professionals because it shows changes in perceptions as they occur over time, whether or not the specific values represent the field as a whole. This year's study shows that security has gone past simple compliance boundaries, and moved into dealing with real-world breaches and the costs that they incur.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file