London, UK – March 27, 2019 – Despite a recent report from Gartner stating that cybercrime is now costing the global economy $5.2 trillion, a new study from Outpost24, an innovator in identifying and managing cyber security exposure, has revealed that almost one in ten (9 percent) organizations say their IT security budget is actually falling year over year.
The study, which was carried out in March 2019 at the RSA Conference in San Francisco, also revealed that 26 percent of organizations said their IT security budget is staying the same year over year, despite 62 percent stating that they do not know or do not believe that all their organization’s most critical digital assets are comprehensively secured.
When survey respondents were asked what makes their organization least prepared for cyberattacks, 31 percent said it was down to not having enough time to keep on top of threats targeting their organization, while 21 percent said it was not having the in-house knowledge and expertise to remediate and triage vulnerabilities found. Interestingly, 13 percent of respondents felt they did not have enough c-level buy-in to support security, while 26 percent said they didn’t believe their c-level executives and board members had a good enough understanding of the security threats targeting their organization.
“The findings from our study highlight that there is a wide gap between security teams and budget holders which is putting organizations at risk. With the average cost of data breaches exceeding $3.8 million, cybersecurity is very much a c-level and board member issue. Board members and c-level executives should have a comprehensive understanding of their organization’s security posture and the attacks targeting them, they should then take this data and allocate budgets accordingly, before their business is disrupted or reputation is damaged,” said Bob Egner, VP of Outpost24.
Survey respondents were also asked about the frequency of security assessments on their network, cloud infrastructure, end points, web applications, data and users. The findings revealed that seven percent never run assessments on their web applications, users, end points or data, while 13 percent said they never run assessments on their cloud infrastructure. The good news is that a majority of respondents said they carry out continuous monitoring across their technology stack; however, these findings contrast with the 62 percent of responses to the study that said they do not know or do not believe that all their organization’s most critical digital assets are comprehensively secured.
The respondents that claim to carry out continuous security assessments include:
- 33 percent continuously carry out security assessments on their network
- 29 percent continuously carry out security assessments on their cloud infrastructure
- 36 percent continuously carry out security assessments on their end points
- 34 percent continuously carry out security assessments on their web applications
- 31 percent continuously carry out security assessments on their data
- 31 percent continuously carry out security assessments on their users
“While it is positive to see a lot of organizations are carrying out continuous security assessments, we would ideally like these numbers to be a lot higher. If organizations are not monitoring their security posture, then the door is left open to malware and attackers that could be avoided. It is also interesting to see that so many organizations are struggling to carry out remediation and triage of security vulnerabilities. If an organization does not have the in-house capabilities to carry out these tasks, they should look to outsource it to a third-party who can offer expertise in the area and ensure all vulnerabilities are comprehensively mitigated before they are exploited maliciously,” continued Egner.
ENDS
Notes to editor:
This survey was carried out in March 2019 at the RSA Conference in San Francisco and studied the attitudes of 121 security professionals.
For more information on the study, please visit https://marketing.outpost24.com/mkg/rsa-survey-2018
About Outpost24
Outpost24 is a leading cyber assessment company focused on enabling its customers to achieve maximum value from their evolving technology investments. By leveraging our full stack security insights to reduce attack surface for any architecture, Outpost24 customers continuously improve their security posture with the least effort.
Over 2,000 customers in more than 40 countries around the world trust Outpost24 to assess their devices, networks, applications, cloud and container environments and report compliance status for government, industry sector, or internal regulations.
Founded in 2001, Outpost24 serves leading organizations across a wide range of segments including financial and insurance, government, healthcare, retail, telecommunications, technology, and manufacturing.