Cybersecurity Needs Smarter Approach


More does not always equate to better when it comes to IT security investments, according to a white paper recently published by 451 Research.

The technology advisory firm interviewed more than 1,100 senior security executives in financial services and other industry verticals from around the globe. Of the respondents, 73% anticipate increasing their spending on security, and 23% expect their investments to be “much higher.”

However, a larger security budget does not mean that organizations will attain their desired results, noted Garrett Bekker, principal analyst, information security practice at 451 Research and the report’s author.

“To the extent that security spending continues to increase each year, a defensible argument could be made that, at worst, much of that money is being wasted, or at best, sub-optimally allocated,” he wrote.

Garrett attributed much of the misalignment to the changing nature of enterprise infrastructure. “Simply put, our corporate boundaries become increasingly porous, and our resources are on the move, traditional endpoint and network security approaches are no longer sufficient in and of themselves,” he added.

The increasing use of cloud computing and other offerings delivered as services has put more of a focus on identity management, encryption, and digital loss prevention than common endpoint and network security approaches like firewalls and anti-malware applications.

To make matters worse, close to two-thirds of the respondents (63%) stated that they deploy new technologies in advance of having appropriate levels of data security in place.

A large plurality of the executives polled (44%) also stated that compliance was the primary reason why they invest in data security.

And the price of non-compliance with data security regimes, such as the New York State Department of Financial Services’ cyber-security requirements that went into effect on March 1 or the EU’s General Data Protection Regulation that is set to go into full effect on May 6, 2018, can be high.

Once GDPR is in full effect, data protection regulators will have the authority to levy fines of up to 20 million euros or 4% of a firm’s global turnover (its sales net of taxes), depending on the infraction.

It’s now more than a slap on the wrist, according to Bekker. “It’s important to recognize that it’s no longer enough to just check off compliance boxes,” he added.
