A new report from the Ponemon Institute has revealed that just 24% of organizations focus on optimizing cyber-attack prevention capabilities, despite 70% of security professionals believing that the ability to effectively prevent attacks strengthens security posture.
The research report, The Economic Value of Prevention in the Cybersecurity Lifecycle, sponsored by Deep Instinct, compiled survey responses from over 600 IT and IT security practitioners within organizations and revealed that a large percentage of companies prioritize cyber-attack detection and containment over prevention methods.
For example, according to respondents, whilst 79% of security budgets are being allocated to detection, containment, recovery and remediation activities, just 21% gets dedicated to prevention, even with 80% of those polled stating that prevention is the most difficult thing to achieve in the cybersecurity lifecycle.
The study determined that effective adoption of a preventative solution, when compared to the current spending of security departments and the cost of attacks, would result in significant cost reductions and require lower overall investment.
“This study shows that the majority of companies are more effective at containing cyber-attacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr Larry Ponemon, the Chairman and founder of the Ponemon Institute.
“Prevention of cyber-attacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber-breaches, we expect budgets to start allocating increased resources to preventative solutions.”
Guy Caspi, CEO and co-founder of Deep Instinct, added that most companies still operate under a policy of ‘assume breach,’ believing that it is more pragmatic to contain a cyber-attack after penetration.
“This is no longer an economically viable long-term strategy,” he said. “The value of prevention is clear – for any type of attack, prevention saves significant time and money.”