The number of reported security incidents this year has increased by 48%, bringing the total number to 42.8 million – equivalent to 120,000 attacks a day.
It’s clear that cyber attacks are a major threat to any organization and that the sensible response would therefore be to increase security budgets and spend them on effective defenses, right?
Instead, the cry has apparently gone up: “Let’s reduce global security budgets by 4%! That should mix things up!”
Now, I may not be a businessman, but I do have an inkling that this isn’t sensible.
Security budgets at organizations with less than $100 million in revenue fell by an average of 20%, while at medium and large organizations they edged up by only 5%.
This reduction comes as a shock not only because it’s disgraceful, but also because before this year there were three years of budgetary increases.
David Burg, PwC’s global and US advisory cyber security leader, said: “There is a misconception out there that the security spend is this colossal block, but it really is not. A lot of executives don’t have that level of awareness.”
I partly agree that a large number of executives don’t have the correct level of awareness to make a correct decision about cyber security, but I think it’s more of a lack of interest than a lack of awareness that’s the problem.
There have been several high-profile attacks in the US in the last few months that have garnered a considerable amount of global news coverage. Target, Home Depot, Neiman Marcus, SuperValu (twice), Goodwill Industries and eBay: there’s your awareness. The lack of interest is visible in the 4% decrease.
Security wins you business
I spoke with a handful of IT professionals about what’s stopping their organization spending the right amount of money on security and the common response was ‘because it doesn’t make money’.
Wrong. A significant number of organizations who call IT Governance about gaining ISO 27001 certification are doing so because their customer(s) demand it. Read any of our ISO 27001 case studies and see how organizations are beating their competition because they can prove that they take cyber security seriously.