Simply asking this question may cause defensive reactions, both from security specialists in organizations and from those who work for security tech vendors. However, the point here is not to polarize, but to share our reflections on the potential causes of this imbalance.
Cyber security spending is growing like never before
Historically, the lack of an adequate budget has been a key challenge in addressing cyber security issues in organizations both private and governmental. CISOs, CIOs and other security executives have struggled for years to get their budget requests approved, so they can put at least satisfactory safeguards in place.
As a result of the growth trend in the infosec industry – which, naturally, correlates with the development of the IT industry as a whole – this problematic situation has changed significantly in recent years.
Never before have companies and government institutions invested so much money in cyber security, both in terms of technology and human resources.
Last year, an ISACA and RSA Conference survey revealed that:
61% of those surveyed stated that they expected an increase in their cybersecurity budgets in 2016
“In addition to increased spending on cybersecurity, 75 percent of respondents report that their organizations’ cybersecurity strategy now aligns to enterprise objectives.”
Gartner also predicted an increase in financial resources assigned to cyber defenses, based on several key indicators and market trends, anticipating that “worldwide spending on information security products and services will reach $81.6 billion in 2016, an increase of 7.9 percent over 2015.”
In terms of spending priorities, the IDC Worldwide Semiannual Security Spending Guide emphasized three key sectors:
The largest segment, managed security services, is forecast to generate revenues of $13 billion this year. Security software will be the second largest category in 2016, with endpoint security, identity and access management, and security and vulnerability management software driving more than 75% of the category’s revenues. Finally, security hardware revenues will reach $14.0 billion in 2016, led by purchases of unified threat management systems.
But so are cyber attacks
What actually happened last year confirmed these investment predictions, but it also confronted security executives with a difficult problem: a large increase in cyber attacks. Much larger than anticipated.
Of course, the industry expected this would happen, but even the most seasoned experts were taken aback by the most serious cyber crimes of 2016. From the biggest data breaches that ever happened to equally historic DDoS attacks and the explosive growth of ransomware, we saw Sci-Fi scenarios turn into grim reality.
The dramatic climb in cyber crime rates during last year had a massive financial impact on the victims. Organizations lost clients, money and their reputation, and they faced legal consequences. Internet users like you and me lost their data, their privacy and their money, either to ransomware or other types of financial malware.
The reason the problem is growing despite increased spending is that we only saw the tip of the iceberg in 2016. The tech industry has only begun to grapple with the magnitude and complexity of the cybercrime waves we’re dealing with.
As attacks grow bigger, more disruptive and more frequent, our defences, both personal and organizational, will also need to be stronger and more sophisticated. The escalation will continue in 2017 and beyond.