Cyber-attacks unavoidable - firms increase incident response spending

Firms are shifting their cyber-security spend away from traditional 'prevent and protect' approaches towards 'detect and respond' operations.

Firms are shifting their cyber-security spend away from traditional 'prevent and protect' advances towards 'detect and respond' operations, according to a new study by the analysis and consultancy company, Pierre Audoin Consultants (PAC).

This new research found that a shift in spending is due to an acceptance that cyber-attacks are unavoidable. The study has questioned 200 people from leading companies in the UK, France and Germany with support from FireEye, HP, Telefonica and Resilient Systems.

The research showed firms spending 77 percent of their security budgets using end-point solutions including firewalls.  But spend is moving towards the post-breach 'detect and respond' capability.  It also reported that firms struggled to identify cyber-breaches.

The cost of cyber-breaches continues to rise and as a result, firms are anticipating increasing external arrangements for Incident response to achieve cost efficiency and access to the required expertise. 

“Firms are coming to terms with the inevitability of a cyber-breach,” said Duncan Brown, research director at PAC and lead author of the study. “Rather than spending a majority of security budget on prevention, firms will apply a more balanced approach to budgeting for cyber-attacks.”

 

“Cyber-attacks have become increasingly personalised resulting in many more organisations being compromised with a much greater business impact,” commented Greg Day, EMEA VP & CTO, FireEye.  “This shows that companies can no longer afford to focus solely on defence – they need to also balance it with incident response.”  Furthermore, the study suggests that there is a lack of order between a business' confidence to react to a breach and their true efficiency.  The main issue is people skills, typically not a quick or simple fix. 

Most CIOs worry about outsourcing security due to a perceived loss of visibility and control.  Brown continued that, “With incident response it's better to have an external resource standing by, possibly on retainer, than divert internal staff from their core responsibilities when an attack occurs.  A cyber-breach may be inevitable but the nature and timing of an attack is unpredictable.”