Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //


// // //
08:05 AM
Larry Loeb
Larry Loeb
Larry Loeb

Security Spending Increasing, Along With Data Breaches

In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n

A recent survey of the worldwide security landscape is offering a glimpse into where the industry is headed, with spending increasing, along with the threat of data breaches ballooning as well.

The report, "The 2018 Thales Data Report -- Global Edition," conducted by 451 Research and commissioned by cloud and security vendor Thales eSecurity, gives some insights into where security is heading and what security pros should be on the lookout for as 2018 unfolds.

The report is based on surveys and interviews with 1,200 senior security executives from the US, UK, Germany, Japan, Sweden, the Netherlands, South Korea and India. These security professionals include those working in federal governments, retail, finance and healthcare. Of the 1,200, more than one third (34%) have "major" influences on security decisions, and nearly half (46%) have sole decision-making authority -- an influential group, to be sure.

In broad strokes, respondents report that security spending will increase this year. However, at the same time, data breaches have also increased. In the report, 78% of those surveyed report that they plan to increase IT security spending in 2018, up from 73% globally, in 2017. This includes nearly 86% of US-based organizations.

(Source: iStock)
(Source: iStock)

That increased spending is needed because nearly half (46%) of the US respondents reported a breach in the previous 12 months, nearly double the 24% that reported one last year. Over one third (36%) of global respondents reported the same sort of breach occurrences. (See Global Security Spending Will Top $96B in 2018 Report.)

These breaches have given rise to perceptions of being "very" or "extremely" vulnerable to security threats. The levels reported by the surveyed were 44% globally and 53% in the US. This compares with 30% globally and 29% in the US that the report found one year ago.

Compliance requirements have historically been the driver of IT security spending, but this report shows a change in what is driving this spending.

The top stimulus for security spending reported was the avoidance of financial penalties associated with data breaches -- 39% this year versus 35% last year -- along with increased use of the cloud -- about 39% globally.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The effectiveness of spending that was done also showed changes compared to last year. Securing data at rest (77% global) for the first time surpassed the effectiveness of network security, while endpoint security (64%) was dead last.

However, endpoint security has the highest rates for planned security spending increases (57% global and 65% in the US) while data-at-rest ranked last for spending increases globally (40%) and in the US (44%). This may be due to what is seen as being effective, with the least effective areas showing the need for the most increase in spending.

Still, perceptions of complexity may also come into play regarding data-at-rest, since it is the top barrier to adopting data security globally (43%) followed by concerns over performance which is a close second (42%).

Artificial intelligence seems to be a mixed bag for the respondents. (See AI Prepares for Security Spotlight.)

Two thirds of all respondents think AI techniques may enable an increased awareness and detection of attacks before they occur, but 43% also see increased breaches occurring because of AI-based hacking tools.

The Thales report is useful to security professionals because it shows changes in perceptions as they occur over time, whether or not the specific values represent the field as a whole. This year's study shows that security has gone past simple compliance boundaries, and moved into dealing with real-world breaches and the costs that they incur.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-12-09
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
PUBLISHED: 2022-12-09
A network misconfiguration is present in versions prior to of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do...
PUBLISHED: 2022-12-09
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.
PUBLISHED: 2022-12-09
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
PUBLISHED: 2022-12-09
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.