Information security spending on the preparation to combat the sinister characters threatening our information increases more than expected each year. But is it enough? The expectation is clear, but the application lacks a a robust resolution. Visible absence of diligent efforts to implement preventive measures would be duly covered up by incremental budget boosting. While information security spending by governments is more than lacking, software companies providing accounting, payroll and payment systems services to businesses in more than a score of countries are getting hit by hacks.
World leader in market research, Gartner, forecasts that the current year information security spending globally on products and services will reach $81.6 billion, an increase of 7.9 percent over the past year. The 2015 spending of $75.4 billion was a growth of 4.7 percent over the previous year. While the past year report estimated the information security market to advance at a CAGR of 7.4 percent through 2019, the latest report anticipates the highest growth to come from security testing, IT outsourcing and data loss prevention (DLP), until the end of 2020.
Sadly, the incremental growth in information security spending has not been able to radically transform the security landscape for companies, and therefore in turn the end consumer. The resultant failure can largely be attributed to organizations’ disingenuous approach towards safeguarding sensitive consumer information, which is directed more towards meeting regulatory obligations than a dedicated effort to prevent data loss.
Secondly, managing and securing sensitive data with a comprehensive defense infrastructure has been poorly lacking. For example, security spending as far as DLP is concerned has yet to pick up. According to the Gartner’s report cited above only 50 percent of organizations today implement at least one form of integrated DLP. This is expected to increase to 90 percent by 2018. By inference, 10 percent of organizations would still be sitting ducks two years down the line against the evolved attack mechanisms of advanced criminals.
According to a joint information security research conducted by M-Files Corporation and The Association for Information and Image Management (AIIM), 38 percent of organizations have experienced one or more information security breaches in the past year. While 31 percent of the participants felt their organization did an inadequate job of protecting confidential and sensitive information, 36 percent stated either their organization didn’t have a formally documented policy about how company information is stored, managed and shared – or they had no idea if such a policy existed at all.
Greg Milliken, vice president of marketing at M-Files Corporation said, “The prevalence of information security breaches can be seen as a direct result of having an ineffective information management strategy.”
“It’s clear that businesses need better information management solutions to deliver the document control and security features required to protect confidential information, while still making it quick and easy for users to find the information they need.”
Elizabeth Kim, senior research analyst at Gartner said that security spending will become more and more service-driven with organizations facing shortages of adequate manpower even as targeted advanced threats and insider threats continue to peril organizations across industries. “Organizations are increasingly focusing on detection and response, because taking a preventive approach has not been successful in blocking malicious attacks. We strongly advise businesses to balance their spending to include both,” she added.
The M-Files and AIIM study too points towards several companies taking proactive steps to mitigate information security breach issues, as about 59 percent respondents stated that their organization has implemented new information security solutions, systems and/or protocols within the past year.
Bob Larrivee, vice president and chief analyst of AIIM Market Research said, “Businesses of all sizes must take information security seriously, looking at the whole organization – people, process, governance, and technology – in order to better address their security and access control requirements.”
As enterprises continue to scale technological innovations to boost business sustainability, data security measures must be proactively adopted. The more that new technologies closely integrate with business functions, the more necessary it is for information security to be a robust and living. While a steady committed budget is a definite confidence booster for the overall security, it is the genuine efforts of all stakeholders that will need to the most versatile line of defense.