LATEST INTELLIGENCE
Calculating the return on investment in layered security
Understanding the threat
What if it never happens? That’s the question which hangs over
every investment in security. It’s the same with IT security. Big
hacks can hit sales, down operations and damage the brand. But
they’re not common—or so many businesses believe.
The problem is that this is difficult to know. Businesses are only
aware of the hacks that make it into the public domain, such as
the Ashley Madison attack which saw members of the discreet
dating website have their personal details stolen, effectively
destroying brand value. But the majority of security breaches
never make it that far.
The business case for layered security
The big picture
Four per cent of revenue is a lot to sacrifice, particularly
in the current economic climate. Yet this is the fine
proposed in the EU General Data Protection Regulation
for companies failing to provide adequate IT security to
protect personal data.
The legislation doesn’t specify what those measures
should be. It says they need to be “appropriate to the
risks”. The problem is the nature of that risk is changing.
In a survey of 700 IT and IT security professionals by the
Ponemon Institute, 69 per cent said they saw the severity
of malware incidents increase in the last year.
In fact, 90 per cent of large organisations and 74 per cent of small
firms have suffered some kind of attack, according to a survey by
consultants PwC. What’s more, the cost of each attack is escalating
sharply. The PwC study, which drew responses from 664 IT
managers and senior business executives, found that the average
cost of an IT security breach ranged from £1.46 million to £3.14
million in 2015, more than double the respective figures for 2014.
While web-borne malware attacks are cited as the most
common threat (by 80 per cent of respondents), there
was significant growth in persistent targeted attacks
(up from 50 to 65 per cent) and zero-day attacks,
which exploit unknown vulnerabilities (up from 32 to
46 per cent).
But it is not only major breaches that create costs and damage
businesses. There is a constant drip feed of viruses, Trojans,
phishing attacks, and other types of malware. These slow systems
down and create vulnerability to further attack. Managing these
threats and repairing the damage done creates a constant drain
on IT resources. According to a survey of 1755 C-level executives
by consultancy EY, 43 per cent saw malware as the top threat in
2015, compared with 34 per cent in the previous year.
This increased risk does not only mean organisations
could breach EU legislation, which applies to anyone
operating in the political bloc. Malware and associated
cybercrime also threaten companies’ revenue, internal
efficiency, and brand reputation. At the same time as
threats are increasing, budgets are not. In the Ponemon
Institute study, only 45 per cent of respondents say their
organisation’s IT security budget is set to increase.
www.intelligentcio.com
INTELLIGENTCIO