Increased Security Spending Does Not Equate to Better Cybersecurity Defenses

Increasing spending on cybersecurity solutions will not necessarily mean organizations are better equipped to deal with cyber threats. While many organizations choose to increase spending on defenses to counter the increased threat, it is essential that the money is spent on solutions that are able to keep sensitive data secured. There is a tendency to keep on investing in similar technologies, even though they have been shown to be ineffective at mitigating risk.

A survey conducted by 451 Research for the Thales 2017 Data Threat Report indicated 73% of organizations had increased security spending for 2017. In 2016, security spending had been increased by 58% of organizations surveyed. While it is reassuring that organizations appreciate defenses need to be improved, an analysis of spending versus data breaches in the last 12 months shows that increased spending does not necessarily mean fewer data breaches are suffered.

58% of companies increased IT  security spending last year and 26% of companies said they had experienced a data breach in the past 12 months – a 5% increase year on year.

Data breaches are continuing to occur and the frequency of attacks has increased, despite an increase in security spending. Most of the money being spent is used to improve network and endpoint security systems. When asked what the main spending priorities were, 62% said network security and 56% said endpoint security. Just 46% said the main priority was protecting data at rest with encryption.

The survey showed that 76% of IT security professionals are aware of the effectiveness of encryption for protecting sensitive data at rest, and how it was more effective than endpoint security systems. Yet, encryption was still not a major spending priority for the majority of organizations.

According to 451 Research senior analyst Garrett Bekker, organizations are continuing to spend heavily on data security systems that have worked well for them in the past, even though those technologies are now not the most effective ways to prevent data breaches.

One of the key drivers affecting IT security spending decisions is compliance with industry regulations. While compliance is important, it should not be the only consideration. In order to resist attacks from highly sophisticated attackers, organizations should look beyond compliance and concentrate on the effectiveness of technologies at mitigating risk from the key security threats.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of