Editor’s Note: The combination of attacks on American industry combined with budget austerity emphasize the need for cost-effective cybersecurity.
From: WSJ/CIO Journal
Joel Schectman, Reporter
A study released on Thursday found fewer companies are utilizing IT security measures, such as tools for detecting malicious code and policies to protect corporate data.
The cutbacks have occurred as the growth of security budgets has slowed, according to a new study from PricewaterhouseCoopers, which surveyed 9,300 CIOs, CEOS and IT managers on their preparedness for hacker attacks.
Just 16% of respondents said their firms conducted an inventory of different kinds of company data in 2012, down from 22% in 2011. That inventory—which can include an estimate of how much money the company would lose if the data were lost or stolen—is an important aspect of IT security, said Mark Lobel, the lead contributor of the study and principle at PwC. The London-based firm receives fees for security consulting.
“You need to have an accurate inventory of your key data elements,” Lobel said. “How can you protect your customer data if you don’t know what you have?”
Companies were also using fewer security safeguards than in the past, with 71% of respondents saying they were using adware and spyware detection tools in 2012, compared with 83% a year earlier.
The easing of protection measures occurred as budgets for IT security have stagnated, with only 45% of respondents saying they expect increases over the next year, down from 51% in 2011.
“Instead of risk driving security budgets, it’s what can the company afford,” Lobel said, noting that 46% of respondents said economic conditions drive security spending.
Lobel says the level of threats is rising and companies are not as prepared for attacks as management might think. The survey found 42% of respondents believed they had an effective security strategy in place. But only 8% utilized key best practices such as delivering security reports to the CEO, and conducting regular reviews of security measures, Lobel said.
Amidst the uncertain economic times and limited budgets, Lobel said, CIOs need to pick their battles.
“Identify what are the biggest risks out there for your company,” Lobel said. “And spend your money protecting against those risks.”
Leave a Reply