Big boost in cyber investment

Security is becoming mainstream as 93% of companies globally are maintaining or increasing their investment in cyber security to combat the ever increasing threat from attacks, a new survey said.

By Greg Hale, ISSSource December 9, 2013

Security is becoming mainstream as 93% of companies globally are maintaining or increasing their investment in cyber security to combat the ever increasing threat from attacks, a new survey said.

Under cyber-attack, EY’s (Ernst and Young) 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally.

This year’s results show as companies continue to invest heavily to protect themselves against cyber attacks, the number of security breaches is on the rise and it is no longer a question of if, but when, a company will be the target of an attack.

Thirty-one percent of respondents report the number of security incidents within their organization has increased by at least 5% over the last 12 months. Many have realized the extent and depth of the threat posed to them; resulting in information security now being “owned” at the highest level within 70% of the organizations surveyed.

“This year’s survey shows that organizations are moving in the right direction, but more still needs to be done – urgently. There are promising signs that the issue is now gaining traction at the highest levels. In 2012, none of the information security professionals surveyed reported to senior executives – in 2013 this jumped to 35%,” said Paul van Kessel, EY Global Risk Leader.

Despite half of the respondents planning to increase their budget by 5% or more in the next 12 months, 65% cite an insufficient budget as their number one challenge to operating at the levels the business expects; and among organizations with revenues of $10 million or less this figure rises to 71%.

Of the budgets planned for the next 12 months, 14% ended up ear-marked for security innovation and emerging technologies. As current technologies become further entrenched in an organization’s network and culture, organizations need to be aware of how employees use the devices, both in the workplace and in their personal lives. This is especially true when it comes to social media, which respondents identified as an area where they continue to still feel unsure in their capability to address risks.

Although information security is focusing on the right priorities, in many instances, the function doesn’t have the skilled resources or executive awareness and support needed to address them.

In particular, the gap is widening between supply and demand, creating a sellers’ market, with 50% of respondents citing a lack of skilled resources as a barrier to value creation. Similarly, where only 20% of previous survey participants indicated a lack of executive awareness or support, 31% now cite it as an issue.

Click here to download the full report.