Cyber security management costs rising, but not improving business confidence in security

FP Staff June 11, 2015 15:04:41 IST
Chief information security officers (CISOs), whose job is to protect your data, often face a chaotic and confusing landscape when deciding the most efficient and cost-effective way to manage the security risks posed to their business, states a new Juniper Networks-RAND study.

Most troubling, the research indicates that many companies are spending increasing amounts on cyber security tools, but are not confident that these investments are making their infrastructure secure.

According to the study, the cost to businesses of managing cyber security risk is set to increase 38 percent over the next 10 years.

Source: Juniper-RAND report

The “heuristic economic model” created by RAND identifies key factors and decisions that influence the cost of cyber-risk to organisations. The model found that if the frequency of software vulnerabilities could be reduced by half, the overall cost of cyber security to companies would decrease by 25 percent.

The report says that attackers are constantly developing countermeasures to new detection systems such as sandboxing or anti-virus technologies. This dynamic ultimately drives up the amount companies must spend on security technologies to maintain the same level of protection. RAND’s model projects that, over 10 years, the effectiveness of technologies that face countermeasures falls by 65 percent.

"Companies must carefully evaluate the new tools they invest in, choosing those not prone to countermeasures, and focus on improving security management, automation and policy enforcement across the corporate network."

According to the study, IoT will have an impact on overall security costs; however, it’s unclear if it will be positive or negative. If security technologies and management are properly applied to IoT, companies could actually see savings in the long run. On the other hand, if companies struggle to apply security controls effectively, RAND’s model suggests that the introduction of IoT would increase the losses that companies experience due to cyber-attacks by 30 percent over the course of 10 years.

Organisations with very high levels of security diligence are able to curb the costs of managing security risk by 19 percent in the first year and 28 percent by the tenth year when compared to organisations with very low diligence, the report suggests.

Companies are likely not taking the optimal economic strategy with their investments, which should vary greatly from company to company based on their size, type of information that exists and the diligence of security staff. Specifically, RAND found small to medium-sized businesses benefit most from basic tools and policies, while large organisations and high-value targets require investments in a full range of policies and tools given the likelihood that they will be targeted by an advanced attack.

Juniper believes that the time is now for organisations to start managing security spending and risk management as a discrete business function. CISOs need a way to better understand the variables that most influence the cost of managing cyber security risk holistically and the different decisions they can make to protect their organisations, the report adds.
