$75 billion per year isn’t enough to secure the private sector from hackers
In 2015, companies worldwide spent over 75 billion USD on cyber security – a number that is expected to grow by 7 percent annually.
However, this spending has not necessarily paid off in terms of securing companies from cyber attacks. A report published this month by Ponemon Institute shows that “loss or theft of data is up sharply” among US and European organisations. The report surveyed 3,027 IT professionals from organisations of varying sizes. 76 percent of these professionals stated that their organisation has experienced a data security breach over the past two years – compared to only 67 percent in 2014.
Unsurprisingly, a majority of respondents (58 percent) named outside attackers as one of the main security threats to their organisation. What is more remarkable is that 55 percent of respondents named “insiders who are negligent” as a key cyber security concern. This means that the perennial threat posed by hackers is only slightly more worrying to IT professionals than the negligence of their fellow employees.
An organisation may be willing to invest heavily in advanced cyber security software, sophisticated threat detection and IT specialists, only to have it all rendered meaningless by the careless actions of a single employee who is willing to click on a suspicious link, answer a phishing email, or otherwise inadvertently compromise the security of business-critical data.
The consensus among analysts is that hackers always seem to be one step ahead of even the world’s largest and most profitable companies – including Sony Pictures, which experienced a high-profile data breach in 2014 – and that a robust IT security spending budget is by no means a way to guarantee security.
There is, of course, no justification for cutting back on the billions being spent on cutting-edge cyber security systems. These systems are necessary, and in many cases effective.
But it may be time for organisations to look beyond the notion of a siloed, specialized IT department responsible for cyber security, and accept that perhaps every employee needs to be given basic training in how to protect data and sensitive information.
Whether it’s something as simple as sending an office-wide email with data protection tips, creating a layman-friendly IT security manual to help guide employees, or implementing a more formal training program, there are a lot of cost-effective options for companies to mitigate the threat of “negligent insiders”.