Budget survey

by Mark Rowe

Almost one in ten (9 per cent) of organisations say their IT security budget is actually falling year over year, according to a survey by cyber security firm Outpost24.

The study, conducted in March 2019 at the RSA annual conference in San Francisco, also found that 26 percent of organisations said their IT security budget is staying the same year over year, despite 62 percent stating that they do not know or do not believe that all their organisation’s most critical digital assets are comprehensively secured.

When respondents were asked what makes their organisation least prepared for cyberattacks, 31 percent said it was down to not having enough time to keep on top of threats targeting their organisation, while 21 percent said it was not having the in-house knowledge and expertise to remediate and triage vulnerabilities found. Some 13 percent of respondents felt they did not have enough c-level buy-in to support security, while 26 percent said they didn’t believe their c-level executives and board members had a good enough understanding of the security threats targeting their organisation.

Bob Egner, VP of Outpost24, said: “The findings from our study highlight that there is a wide gap between security teams and budget holders which is putting organisations at risk. With the average cost of data breaches exceeding $3.8 million, cybersecurity is very much a c-level and board member issue. Board members and c-level executives should have a comprehensive understanding of their organisation’s security posture and the attacks targeting them, they should then take this data and allocate budgets accordingly, before their business is disrupted or reputation is damaged.”

Survey respondents were also asked about the frequency of security assessments on their network, cloud infrastructure, end points, web applications, data and users. The findings suggested that seven percent never run assessments on their web applications, users, end points or data, while 13 percent said they never run assessments on their cloud infrastructure. A majority of respondents said they carry out continuous monitoring across their technology stack; however, these findings contrast with the 62 percent of responses that said they do not know or do not believe that all their organisation’s most critical digital assets are comprehensively secured.

The respondents that claim to carry out continuous security assessments include:

33 percent continuously carry out security assessments on their network;
29 percent … on their cloud infrastructure;
36 percent … on their end points;
34 percent … on their web applications;
31 percent … on their data; and
31 percent … on their users.

“While it is positive to see a lot of organisations are carrying out continuous security assessments, we would ideally like these numbers to be a lot higher. If organisations are not monitoring their security posture, then the door is left open to malware and attackers that could be avoided. It is also interesting to see that so many organisations are struggling to carry out remediation and triage of security vulnerabilities. If an organisation does not have the in-house capabilities to carry out these tasks, they should look to outsource it to a third-party who can offer expertise in the area and ensure all vulnerabilities are comprehensively mitigated before they are exploited maliciously.”

To request the survey in full visit the Outpost24 website.
