How wisely are you spending your security budget?
If a Gartner study from this summer was correct, businesses spent nearly $400 per employee on security efforts in 2014. That’s a lot of money, especially for the average SMB, but you have to balance that with the costs involved in a security disaster. Better to spend the money upfront rather than possibly lose the business altogether, right?
And it appears that companies are willing to spend the money. A new study by PiperJaffray found that 75 percent of CIOs plan to invest more in cybersecurity in 2015 because security is their top concern. It wasn’t always the case, as Business Insider pointed out:
Security was the top concern last year, too, but only 59% had indicated they would increase spending in it. That's a huge jump.
It isn’t surprising that CIOs are more worried than ever about cybersecurity and are finally moving to do something about it. The mainstream media reminded us every week about a new breach or a new hack or a new vulnerability that put our personal information, our financial information, or corporate intellectual property at risk.
While the focus on improving cybersecurity efforts is a step in the right direction, it also appears that too many companies are spending on security without really understanding whether or not they are deploying the right security tools. A new survey from Trustwave has found that smaller businesses are spending twice what larger businesses spend per Internet user, but more than a quarter of the respondents stated that they feel the security systems aren’t effective. As for reasons why, a TechTarget article stated:
The survey responses from IT decision-makers put the blame for the shelfware problem on a lack of time and resources. Among respondents, 35 percent said that IT was too busy to properly implement the software that was purchased, while 33 percent noted that IT didn't have enough staff. Other problems reported were a lack of understanding the software (19 percent); lack of technical training (17 percent); and not understanding the problem well enough (12 percent).
So it seems that organizations, especially smaller businesses, are doing the wise thing by investing in security systems, but at the same time, they are throwing money away because they either aren’t using the right tools for their purposes or they don’t understand how to use the security controls they have. One area where CIOs and IT may want to consider spending some of that security budget is in proper training and cybersecurity education to ensure that security systems in place are able to best protect the network and data.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba