Global Business Leaders Eschew Proactive Security Investment

A third of global business decision makers said they’d rather cut costs by paying a ransomware demand than invest in security, according to NTT Security.

The managed security giant polled 1800 business leaders around the world to compile its Risk:Value 2018 report.

Worryingly, it revealed that only around half of businesses are prepared to invest proactively in cybersecurity.

Most of them are doing so to prevent the damage to customer confidence (56%), and brand and reputation (52%) that can result from a breach.

Even more concerning is the fact that nearly half (47%) of respondents said they’d not been affected by a data breach, despite less than half (48%) claiming they had secured all their critical data. In the UK, nearly a quarter (22%) don’t even know if they have suffered a breach or not.

“We’re seeing almost unprecedented levels of confidence among our respondents to this year’s report, with almost half claiming they have never experienced a data breach. Some might call it naivety and perhaps suggests that many decision makers within organizations are simply not close enough to the action and are looking at one of the most serious issues within business today with an idealistic rather than realistic view,” said NTT Security’s senior VP EMEA, Kai Grunwitz.

“This is reinforced by that worrying statistic that more than a third globally would rather pay a ransom demand than invest in their cybersecurity, especially given the big hike in ransomware detections and headline-grabbing incidents like WannaCry. While it’s encouraging that many organizations are prepared to take a long-term, proactive stance, there are still signs that many are still prepared to take a short-term, reactive approach to security in order to drive down costs.”

The estimated cost to recover from an incident has increased from $1.4m to $1.5m since last year. However, on the plus side, global respondents claimed it would take 57 days to recover from a breach, down from 74 days in 2017. In the UK the figure is lower still at 47 days.
