Disconnect between investment and expected security improvements
Less than half of US firms will increase their investment in cybersecurity protection to match an expected rise in data breaches, according to a new survey conducted by Ovum. Yet just over half of executives surveyed believe their company will have stronger cybersecurity protection in a year.
In the survey, 68 percent of senior executives responsible for security at US firms said that the number of data breach attempts had risen in the last year, and 56 percent expected a further rise in the next year. Among financial services firms, 87 percent expected data breaches to rise in the next year.
However, less than half of respondents – 49 percent – said that their level of investment in cybersecurity will increase over the coming year. Despite that, 53 percent of respondents said their overall cybersecurity position will be better in a year.
“There’s clearly a discrepancy between the investment rate and the threat,” said Bob Shiflet, who oversees fraud and financial crime solutions at FICO. “Without dedicated resources to outthink the criminals, we don’t see how firms can count on improving their security posture, or even staying even. Our data does show that a higher percentage of telecommunications firms — 55 percent — plan to increase their cybersecurity investment in the next year, to match their strong concern that threats will increase during that time.”
More US firms did tend to have data breach response plans; 52 percent of respondents noted their firm has a plan in place compared to just 41 percent in the UK and 44 percent in Canada.
Additionally, 68 percent have existing monitoring, scoring, and reporting services, and 59 percent have board-level reporting and 61 percent have a board member responsible for oversight on cybersecurity.
Ovum conducted the survey through telephone interviews with CXOs and senior security officers in 350 companies based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, health care, retail, ecommerce and internet service providers.