Why increasing IT security budgets is not enough

As a result, the security marketplace has fared better than most throughout the economic crises and analyst organisations such as Gartner continue to predict high single digit growth for security software in EMEA over the next three years.

There are good reasons to believe that this increase in spend will continue. No business is an island from an IT perspective and as we strive to reduce costs and become more customer and partner friendly, the online projects we undertake can inadvertently increase our exposure to cyber risks. Recently we have seen a change in the threat landscape with more sophisticated and persistent threats arriving every year.

According to a recent report by PwC entitled The Information Security Breaches Survey, UK businesses have seen a sharp rise in IT security breaches in the past two years. In fact, despite increased spending on security defences, the number of companies attacked has risen three fold to 92 percent and the cost to business of these attacks has increased by more than that. One conclusion you can draw is that the traditional approaches taken to address IT security are becoming less effective over time and increased spending alone is not enough.
Solutions
So what is the right security solution for any particular company? From a technology perspective, when we go below the umbrella category of security we find many sub-categories each addressing a different wavelength of the security spectrum; virus and malware, intrusion detection and prevention, authentication and federated identity, identity and role management, data loss prevention and security information and event management to name just some.
It’s not just the variety of solutions available but their integration and interaction that determines the overall effectiveness of any security implementation. Finally, it’s important to recognise that technology is only one element in the security operations trinity - people and process are equally important.