Why a decline in security spending is bad news

David Robinson
By , - Information Security

Pricewaterhouse Coopers has recently launched its 2015 Global State of Information Security Survey, which offers some real food for thought for both security professionals and businesses.

What alarmed me upon reading the report is the finding that despite a huge rise in of data breaches and cyber-attacks, security budgets are actually falling across many organisations. According to the research, average information security budget worldwide has dipped to $4.1 million, 4% less than last year. Security spending meanwhile continues to stagnate, representing just 3.8% of overall IT budget.

Another worrying finding is that smaller companies don’t appear to be treating security as a serious threat that demands substantial investment – the figures show that companies with revenues of less than $100 million have actually reduced their security investments by 20% across 2013. Medium and large companies, meanwhile, report just a 5% increase in security spending – a sobering finding in light of recent high-profile security breaches involving big names like eBay, Yahoo, Adobe and Apple where unprecedented amounts of customer data have been compromised.

High-profile security breaches like these mean that consumers are wising up to the potential dangers of sharing their personal data with companies, and are becoming increasingly likely to stop doing business with a company if they feel that their data is being compromised. Reassuring customers that their information is being handled and stored in the correct way is therefore crucial for companies looking to sustain customer trust. This report, however, does little to achieve this.

What’s more, Fujitsu’s own research has shown that just 9% of consumers believe that organisations are doing enough to secure their data – a damning finding for businesses operating in a competitive environment where focusing on the customer has emerged as the key to profitability.

With the security threat every organisation is now facing very real, and very difficult to combat, organisations can no longer afford to make errors when it comes to security.  An industrial-sized effort is required to combat these organised groups of criminals to protect a company’s most valuable asset – its data.

If an organisation knows the value of what it has to protect, it can then make clear business decisions based on risk as to the value of commensurate investment needed. A good way to start looking at this and understand the size of the issue is to get a security risk assessment. Only then can companies tackle the growing security threat head-on.

 

Image Credit : thomsonwilliam94

 

Leave a Reply

Your email address will not be published. Required fields are marked *