Firms spending more on IT security, without knowing effectiveness of tools

Register now

More than half of IT security leaders (53 percent) don’t know how well cyber security tools are working, despite an average of $18.4 million in average annual spending on these technologies, according to a new report from the Ponemon Institute.

The institute surveyed 577 IT and security practitioners in the United States for the report, which was sponsored by security company AttackIQ.

Despite the widespread uncertainty about the effectiveness of tools, 58 percent of companies will be increasing their IT security budget by an average of 14 percent in the next year, according to the survey.

Nearly two thirds of the respondents (63 percent) said they have observed a security control reporting that it blocked an attack when it had actually failed to do so. Only 39 percent said they are getting full value from their security investments.
Despite deploying many different cyber security products, companies in general are not confident that their technology investments, staff, and processes can reduce the chances of a data breach.

This lack of confidence stems largely from uncertainty about the efficacy of cyber security tools and the ability of staff to identify gaps in security and to respond to security incidents in a timely manner.

Less than half of IT experts are confident that data breaches can be stopped with their organization’s current investments in technology and staff, and 56 percent said a reason data breaches still occur is because of a lack of visibility into the operations of their security program.

For reprint and licensing requests for this article, click here.