Last updated: 16 May 2016
The high-profile data breaches of the past year have apparently had an impact on organizations’ willingness to invest in stronger security measures. A new study by consulting and professional services firm BDO USA, which included a survey of 100 CFOs at U.S.-based technology companies, shows that 67% of the finance executives queried have increased their spending on cyber security measures during the past year.
Of those CFOs who have taken steps to boost security, a huge majority (90%) have deployed new software security tools, says the eighth annual 2015 BDO Technology Outlook Survey. BDO commissioned research consulting firm Market Measurement Inc. to conduct a national phone survey of the CFOs from December 2014 to January 2015.
While the survey did not ask CFOs what kinds of security tools they plan to invest in this year, according to BDO survey, nearly three quarters of the organizations surveyed (72%) created a formal response plan for security breaches, about half (48%) retained an external security consultant and 30% hired a chief security officer.
One of the focal points of new security efforts is protecting intellectual property (IP), with nearly half of the CFOs surveyed saying foreign IP infringements have had the greatest impact on their IP security, followed by changes in patent law and patent trolls.
The executives are also concerned about online security threats that might emerge from geopolitical issues as countries prioritize cyber security efforts to guard against possible domestic and foreign hack attacks.
“The threat assessments of likely cyber threats from unknown entities is causing the tech industry to be on high alert,” said Aftab Jamil, partner and leader of the Technology and Life Sciences practice at BDO USA.
“In addition to navigating everyday business challenges—both domestically and internationally—managing operations and maintaining compliance with regulatory requirements, U.S. companies will also need to implement or enhance their data privacy initiatives to mitigate any risks or vulnerabilities to their IT infrastructures, particularly with cyber capabilities evolving at rapid speed.”
The BDO USA report is by no means the only one forecasting increased spending on information security. CSO, in its annual State of the CSO report, which surveyed 366 security professionals online in 2014, reported that more than half of the executives surveyed (52%) said their organization’s overall security budget would increase over the coming 12 months compared with the previous 12 months.
Only 5% of the organizations surveyed by CSO expected to see a decrease in spending. In financial services, 67% of the respondents expected an increase.
And in a survey released earlier this year, investment bank and asset management firm Piper Jaffray said three quarters of 112 CIOs in eight industries, primarily in North America, were expecting to increase spending on security in 2015. That’s up from 59% in 2014.
“CIOs clearly have heightened concerns from the many security breaches that occurred in 2014, resulting in an inflection in overall security spending,” the report stated.
The firm’s fourth annual Piper Jaffray CIO survey showed that security was the top spending priority for organizations across a number of technology categories, which also included mobile devices, off-premise enterprise software, storage and servers.
With so many reports saying security budgets and spending are up, you would think there is an opportunity to finally make some real progress in fighting the data breach epidemic in which we saw more than 1,500 data breaches and one billion data records stolen last year. This might not be the case, just yet.
While security professionals now have the budgets they want, it looks like they plan to just spend more money on the same perimeter security technologies. For example, according to a recent study by 451 Research, firewall management claims the number one spot when it comes to top information security-related projects planned over the next 12 months.
In an age where the perimeter has been declared dead, firewall management shows no signs of going into retirement.
The problem we face is that many of the breach prevention technologies in use today continue to be the foundation of security strategies which have not been able to stop the data breach epidemic. This is not to say there is nothing wrong with these technologies. It’s the overreliance on them that is the problem.
Let’s look at some numbers. Below is a table from 451 Research of network security technologies and their use within enterprises today.
Contrast that with another chart from 451 Research that looks at top information security projects planned over the next 12 months, and you see how much breach prevention, monitoring and perimeter security continue to dominate the mindset of today’s security professionals.
Here is the issue in a nutshell. Over the past five years, the security industry has grown every year both in terms of revenue, new vendors and the services that are available to businesses and other organizations to protect their data and information.
However, just as the industry has grown, so too have data breaches year after year. During this time, the dominant approach to data security has been breach prevention.
Problem is this approach hasn’t been preventing much. Maybe it’s time for a new approach that shifts the focus away from the perimeter to the data itself.
If you’ll be at the 2015 RSA Conference, stop by the Gemalto booth, 3329, and let us know what you think about the spending trends.
Want to learn about the data breaches that occurred around the world in 2014? Download the complete 2014 Data Breaches Report. You can also check out our Breach Level Index 2014 infographic to quickly review some of the most notable breach statistics of 2014.
We hope that you’ll also connect with us on Twitter via @GemaltoSecurity to discuss data breach trends, information security news, and more.