Cyber crime today is big business. Industry sources estimate it will cost the world a staggering US$6 trillion annually by 2021. In Australia, cyber crime costs the economy approximately A$1 billion per year.
Threats such as distributed denial of service attacks and ransomware continue to wreak havoc, while business email compromise and crypto-jacking pose increasing risks to organisations around the world.
To put the magnitude of this crimewave into perspective, a 2017 Carbon Black study calculated the growth rate of the underground ransomware economy to be at more 2500 percent year-on-year.
The continuing growth of the Internet of Things (IoT) has also provided new vulnerabilities for cyber criminals to exploit. As IoT scales up, the principles of security remain the same but the consequences of getting it wrong change dramatically. Cyber security in the IoT world moves from the protection of data to the protection of our physical safety.
ANTICIPATING ATTACK
In the face of these threats, many in the security industry are changing their stance. Rather than asking whether a breach will take place, they now assume one will occur, and are instead planning how they will react and recover.
This shift in mentality to an ‘expectation of breach’ is being supported by greater investment by organisations into their cyber security.
The 2018 Telstra Security Report, which surveyed more than 1000 respondents across 13 countries, found security spending across the board has increased and will continue to rise over the next 12 months.
Twenty-four percent of APAC companies said they were increasing their security spend from between six to 10 percent, while around 14 percent of respondents said they would boost their security budget by as much as 21-25 percent.
The findings echo trends overseas, where budgets for cyber security continue to increase; Gartner estimates worldwide security spending will reach US$96 billion this year, an 8 percent rise on 2017.
Some organisations are taking this to the extreme: in recent years Bank of America has operated a blank cheque approach for its cyber security operations. This unprecedented move signifies the scale of security challenges facing organisations globally.
REGULATORY COMPLIANCE
However, it’s not simply the fear of breaches that is helping drive organisations’ security spending. Regulatory compliance is becoming more of a focus with the introduction of legislation containing far-reaching implications, such as the European General Data Protection Regulation (GDPR).
Similarly, in Australia many organisations are now legally required to promptly notify victims and the Privacy Commissioner of any significant data breach as a result of the Notifiable Data Breaches legislation that came into effect early this year. This increase in organisational accountability for security has had the same impact on security budgets.
THE FUTURE OF CYBER SECURITY
Spending is going towards a wide range of programs including audits, risk assessments, end-user training, and compliance tools to help navigate cyber security challenges. Strategic partnerships with cyber security experts have also become an important solution to help organisations stay ahead of the bad guys.
In today’s climate every organisation must determine for itself what constitutes an acceptable level of risk. As a business strives to succeed in their marketplace, they face growing pressures about their cyber security and its operational impact.
Whether it’s to better spot and mitigate an attack or keep on top of regulatory compliance obligations, cyber security spending is demonstrably on the rise and isn’t likely to slow down anytime soon.
- Written by Neil Campbell, Director Global Security Solutions, Telstra
