Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Policy

1/29/2018
08:05 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Security Spending Increasing, Along With Data Breaches

In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n

A recent survey of the worldwide security landscape is offering a glimpse into where the industry is headed, with spending increasing, along with the threat of data breaches ballooning as well.

The report, "The 2018 Thales Data Report -- Global Edition," conducted by 451 Research and commissioned by cloud and security vendor Thales eSecurity, gives some insights into where security is heading and what security pros should be on the lookout for as 2018 unfolds.

The report is based on surveys and interviews with 1,200 senior security executives from the US, UK, Germany, Japan, Sweden, the Netherlands, South Korea and India. These security professionals include those working in federal governments, retail, finance and healthcare. Of the 1,200, more than one third (34%) have "major" influences on security decisions, and nearly half (46%) have sole decision-making authority -- an influential group, to be sure.

In broad strokes, respondents report that security spending will increase this year. However, at the same time, data breaches have also increased. In the report, 78% of those surveyed report that they plan to increase IT security spending in 2018, up from 73% globally, in 2017. This includes nearly 86% of US-based organizations.

(Source: iStock)
(Source: iStock)

That increased spending is needed because nearly half (46%) of the US respondents reported a breach in the previous 12 months, nearly double the 24% that reported one last year. Over one third (36%) of global respondents reported the same sort of breach occurrences. (See Global Security Spending Will Top $96B in 2018 Report.)

These breaches have given rise to perceptions of being "very" or "extremely" vulnerable to security threats. The levels reported by the surveyed were 44% globally and 53% in the US. This compares with 30% globally and 29% in the US that the report found one year ago.

Compliance requirements have historically been the driver of IT security spending, but this report shows a change in what is driving this spending.

The top stimulus for security spending reported was the avoidance of financial penalties associated with data breaches -- 39% this year versus 35% last year -- along with increased use of the cloud -- about 39% globally.


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The effectiveness of spending that was done also showed changes compared to last year. Securing data at rest (77% global) for the first time surpassed the effectiveness of network security, while endpoint security (64%) was dead last.

However, endpoint security has the highest rates for planned security spending increases (57% global and 65% in the US) while data-at-rest ranked last for spending increases globally (40%) and in the US (44%). This may be due to what is seen as being effective, with the least effective areas showing the need for the most increase in spending.

Still, perceptions of complexity may also come into play regarding data-at-rest, since it is the top barrier to adopting data security globally (43%) followed by concerns over performance which is a close second (42%).

Artificial intelligence seems to be a mixed bag for the respondents. (See AI Prepares for Security Spotlight.)

Two thirds of all respondents think AI techniques may enable an increased awareness and detection of attacks before they occur, but 43% also see increased breaches occurring because of AI-based hacking tools.

The Thales report is useful to security professionals because it shows changes in perceptions as they occur over time, whether or not the specific values represent the field as a whole. This year's study shows that security has gone past simple compliance boundaries, and moved into dealing with real-world breaches and the costs that they incur.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
CVE-2021-41083
PUBLISHED: 2021-09-20
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any ma...
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI’s BLE stack caches and reuses the LTK’s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...