IT decision-makers fail to prioritise financial loss

Research conducted by the Coleman Parkes research institute on behalf of Fujitsu UK reveals security breaches last year cost businesses an average of £1.46 million to £3.14 million, but IT decision-makers are failing to prioritise financial loss.

The research showed that while 86 percent of IT decision-makers rated security as the most important aspect of their business, CIOs are more concerned with the loss of sensitive data than the financial consequences. And more than half the IT decision-makers surveyed spend under a quarter of their IT budget on security.

Andy Herrington, head of cyber professional services at Fujitsu, cautioned companies against cutting corners on cyber-security: “By making security decisions based on finance, rather than on the technology required, businesses are making themselves vulnerable,” he said.

Recently there has been a move toward email attachment and malicious macro attacks. Mike Smart, EMEA security strategist at Proofpoint, stated: “Cyber-criminals are profit driven and are ruthless in their drive for high return investments.”

Smart then talked about how this rise can most likely be attributed to the lower upfront maintenance costs due to their effectiveness and the ability to recycle old software.He says that with the recent rise in cyber-crime it has never been more important for CIOs to prioritise their budgets to ensure resources are allocated to protect the weakest parts of the business.

Herrington said one way of improving security at an organisation is by looking at each stage of the cyber kill chain. A business can effectively measure each stage of the risk and what is being done to make it difficult for a hacker to access systems at each stage of the process. If done effectively this would dissuade people from targeting the business and encourage attackers to look for easier targets.