Businesses increasing their cybersecurity budgets, but spend it in the wrong places

Spending extra money on antivirus software isn't enough to stop cyberattacks and data breaches
Written by Danny Palmer, Senior Writer

Budgets are on the up, but do you know what to do with yours?

Image: iStock

Businesses are spending more than ever on cybersecurity, but there's still confusion about what to spend it on.

Security spending as a whole is up, says a new report by Thales e-security, with 73 percent of organisations expecting their cybersecurity budget to increase over the next 12 months, a figure which in itself is a jump from the 58 percent which received extra funds for protection last year.

However, despite this, the 2017 Thales Data Threat Report suggests that 26 percent of organisations experienced a data breach in the last year, while a total of 68 percent have previously suffered as a result of an attack.

The report indicates there is an ongoing disconnect between the security solutions organisations spend money on and the ability of those solutions to protect sensitive data. That disconnect is reflected the 30 percent of respondents who say their organisations are 'very vulnerable' or 'extremely vulnerable' to attacks on data.

One of the key issues: data is spread among many to partners, suppliers and contractors, thus blurring the line between insider and outsider threats, and all the while more and more data is being generated.

Despite this, the top spending priorities for cybersecurity are around network and endpoint protection, while the least amount is spent on data-at-rest stored within the memory of systems on the network.

While anti-virus software and firewalls might have previously been enough to keep threats out, this type of security product isn't going to protect the organisation against a data breach - be it accidental or carried out with intent by an insider.

"Organisations keep spending on the same solutions that worked for them in the past but aren't necessarily the most effective at stopping modern breaches. Data protection tactics need to evolve to match today's threats. It stands to reason that if security strategies aren't equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase," says Garrett Bekker, senior analyst, information security at 451 Research and author of the report.

These were the biggest hacks, leaks and data breaches of 2016

There's also another issue which is preventing organisations from securing themselves against a data breach; skills and understanding. Half of respondents suggested that the complexity of some data protection systems stood as a barrier to adopting them while over a third believe they lack the staff to implement an update to security procedures.

However, with data breaches becoming ever more common place, organisations can't just ignore the problem and hope that it'll go away.

"Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use," says Peter Galvin, vice president of strategy for Thales e-Security.


Editorial standards