

By John Leyden, 1st October 2014 12:37

Biz coughs up even less for security, despite mega breach losses

Spend more, say beancounters

Information security budgets are falling despite a continuing rise in the number of attacks, according to a new report by management consultants PwC.

Detected security incidents have increased 66 per cent year-over-year since 2009, reaching the equivalent of 117,339 attacks per day, according to PwC's "The Global State of Information Security Survey 2015". The estimated reported average financial loss from cybersecurity incidents was $2.7m – a 34 per cent increase over 2013, according to PwC [1].

However, despite the increase in attacks, the survey found global information security budgets actually decreased four per cent when compared with 2013. Security spending as a percentage of IT budget has remained "stalled at 4 per cent or less" for the past five years.

“Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today’s advanced attacks,” said Mark Lobel, a PwC advisory principal, focused on information security.

“It’s critical to fund processes that fully integrate predictive, preventive and incident-response capabilities to minimise the impact of these events,” he added.

David Robinson, chief security officer at Fujitsu UK & Ireland, expressed surprise at the fall in spending, as over the "last few months we have seen a huge amount of data breaches so it is shocking to hear that cyber security budgets [are] falling".

"The threat facing every organisation is very real and also very hard to combat, so they can no longer afford to make errors when it comes to security," he added.

Darren Anstee, director of solutions architects at DDoS mitigation firm Arbor Networks, was also gobsmacked, arguing the importance of security needs to be sold to boards. Rather than security managers failing to make a business case for additional security tools and service, the fall is more a sign that the required dialogue is not happening effectively, he said.

"Businesses need to look closely at the risks they face, and the potential associated costs, so the value of security spending is appreciated throughout the entire management chain, all the way to board level. By investing in the appropriate solutions, training and processes organisations can minimise their risk, and reduce the longevity and cost of any breach," Anstee said.®


[1] Caveat - we've always thought estimating security breach losses is a hopelessly inexact science, for reasons explained here that still broadly hold true.
