CyberScout

Companies' Budgets, Executive Buy-in Falling Behind Security Threats

A rise in cyber threats around the world underlines the importance of cybersecurity in a technology-rich and reliant world. Most businesses and countries have made cyber security a top priority, even finding it to be one of their main businesses risks. However, this focus hasn't stopped the increasing number of attacks, and it may not be improving companies' strategies to combat the issues.

The number of cybersecurity incidents grew 66 percent at a compound annual growth rate between 2009 and 2014, according to PricewaterhouseCoopers LLP's Global State of Information Security Survey 2015. In 2013, there was a 48 percent increase alone, which equates to 117,339 attacks launched each day of the year.

Lack of executive buy in
As the number and variety of attacks rise, many companies' budgets are decreasing or staying the same, PwC found. Last year saw a 48 percent increase in attacks but an overall 4 percent decline in information security budget investments. Smaller firms are particularly likely to forgo a large cybersecurity budget, even though data breaches resulting in leaked information and identity theft could cost them millions of dollars in damages, not to mention a loss of company reputation.

Companies' boards may be staying too far away from the problem. Only 36 percent of respondents stated information security issues were looked into by the board.

Causes of cyberthreats
The growth of cybersecurity issues is problematic enough for firms, but the rise in insider cybercrimes is compounding the risks and increasing the costs of security and breaches. Insider security breaches can come from current employees, providers and consultants, former workers, business partners and customers. The most common threat is from current employees, according to the PwC survey. From 2013 to this year, respondents stated the amount of current employees committing cybercrimes rose from 31 to 35 percent. This was followed by the next most common culprit, former employees, which increased from 27 to 30 percent.

Businesses may not want to look inward at loyal and hardworking employees, but cybersecurity systems and protocol that ignore inside threats leave firms vulnerable to common attacks. Companies need to have programs in place that focus on preventing such threats, but also monitor to detect and respond to inside cyber issues.

Concerning information
As the consequences of identify theft affect more people each year, a recent survey by Tripwire, in addition to PwC's findings, should raise executive's concern. More than half of IT professionals stated they were not confident in the security configuration of their router, firewalls, modems and switches.