Breaches more frequent despite record levels of spending on cyber security

The financial damage incurred by organisations due to cyber attacks over the past five years has grown by 72%, averaging $13 million per organisation. Across the same period, new analysis by cyber security firm Garrison of data from Microsoft & Marsh, Gartner and Accenture reveals the frequency of security breaches has increased by 67%.

Despite the failure of increased spending to prevent a significant number of cyber breaches and reduce financial losses incurred, the long-term trend is set to continue with expenditure projected to escalate even further to $188 billion a year by 2023. The same data shows that cyber security services have already grown to become the biggest cost for enterprises across their security and risk management spending.

David Garfield, CEO of Garrison, said: “Despite huge investment in cyber security, businesses remain dangerously exposed. It’s an open secret in the industry that businesses have little evidence whether the security software that they buy actually provides security. Currently, IT Departments conduct evaluations of technical features, but can only afford cursory testing, at best, to assess how well the software will stand up to attack. It’s concerning to see that, although buying decisions are often informed by third party analysis of technical features, reliance on in-depth third party security analysis is actually rare, even among sophisticated security buyers such as the world’s biggest banks.”

Garfield added: “This behaviour has bred an industry which focuses on IT features rather than security. We see the results in a security landscape where businesses have learned that being breached is a question of ‘When, not If’. This shouldn’t be the case as there are solutions in the industry that provide much stronger protection for customers who demand it.”

Garfield continued: “At Garrison, we’re calling for a fundamental change. We urge businesses to reassess buying practices and incentivise the technology industry to raise the bar against attack. Businesses should look for in-depth independent security testing as a basis for making cyber security buying decisions. Realistically, such testing will likely be too expensive for most single buyers. This change will require a new era of collaboration between businesses to articulate their demands, share costs and ensure that good money is no longer wasted on bad security.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
