Despite security breaches costing businesses an average of £1.46m to £3.14m last year, according to the annual official PwC study of information security breaches, financial loss is still not a top priority for IT decision makers. The research from Fujitsu, by Coleman Parkes, highlighted how CIOs are more concerned with the loss of sensitive data following the huge rise in advanced threats over the last year.
The research also suggests IT decision makers are not prioritising how they manage their budgets. According to the research, security teams average at between eight to ten people per organisation – a huge investment in people to protect the business from threats. In addition, some 86 per cent of IT decision makers rated security as the most important to their business. Yet despite those statistics, over half of the IT decision makers surveyed spend less than a quarter of their IT budget on security.
Andy Herrington, Head of Cyber Professional Services at Fujitsu, said: “Any organisation, whatever the size or line of business, could be the next target of an advanced attack; so it is of utmost important for organisations to invest in the right security for their organisation. By making security decisions based on finance, rather than on the technology required, businesses are making themselves vulnerable. Looking at each phase of the cyber kill chain is one way of putting yourself in a better position against hackers.”
And Mike Smart, EMEA Security Strategist at Proofpoint, said: “Cybercriminals are profit-driven businesses and are ruthless in their drive for high return on their investments. Recently we have seen attachment-based email attacks & malicious macros make a comeback. These threat actors combine lower up-front and maintenance costs with higher effectiveness through social engineering and recycling older approaches to create a ‘killer app’. It has never been more important for organisations to prioritise their budgets to ensure enough resources surround the weakest parts of the business, including people process & technology.”
