The financial damage incurred by organisations due to cyber attacks over the past five years has grown by 72%, averaging $13 million per organisation. New analysis by cyber security firm Garrison of data from Microsoft & Marsh, Gartner and Accenture reveals that, across the same period, the frequency of security breaches has increased by 67%.
Despite the failure of increased spending to prevent a significant number of cyber breaches and reduce financial losses incurred, the long-term trend is set to continue with expenditure projected to escalate even further to $188 billion a year by 2023. The same data shows that cyber security services have already grown to become the biggest cost for enterprises across their security and risk management spending.
David Garfield, CEO of Garrison, said: “Despite huge investment in cyber security, businesses remain dangerously exposed. It’s an open secret in the industry that businesses have little evidence whether the security software that they buy actually provides security. Currently, IT Departments conduct evaluations of technical features, but can only afford cursory testing, at best, to assess how well the software will stand up to attack. It’s concerning to see that, although buying decisions are often informed by third-party analysis of technical features, reliance on in-depth third-party security analysis is actually rare, even among sophisticated security buyers such as the world’s biggest banks.”
Garfield added: “This behaviour has bred an industry which focuses on IT features rather than security. We see the results in a security landscape where businesses have learned that being breached is a question of ‘When, not If’. This shouldn’t be the case as there are solutions in the industry that provide much stronger protection for customers who demand it.”
Garfield continued: “At Garrison, we’re calling for a fundamental change. We urge businesses to reassess buying practices and incentivise the technology industry to raise the bar against attack. Businesses should look for in-depth independent security testing as a basis for making cyber security buying decisions. Realistically, such testing will likely be too expensive for most single buyers. This change will require a new era of collaboration between businesses to articulate their demands, share costs and ensure that good money is no longer wasted on bad security.”