KPMG Study: Breaches Up, Security Spending Down

Published: 22/11/2024   Category: security




81 percent admitted to a recent breach but less than half said they'd invested more in security as a result



Finally, some numbers to put to one of business's biggest security disconnects: More than 80 percent of C-suite executives admitted their companies have been breached in the last two years, but less than half said they've actually invested in any kind of information security product or service as a result.
The findings were part of KPMG LLP's Consumer Loss Barometer report, released this week, which surveyed 403 CIOs, CISOs, CTOs and CIOs.
Respondents in the retail sector counted the most breaches, with 89% reporting yes, followed by automotive (85%), and banking and technology companies (76%). On the spending side, 66% of banking respondents said they'd made some sort of security investment, followed by technology (62%), retail (45%), and automotive (32%).
The disconnect between the high volume of breaches and low amount of security spending reflects a growing sense of overwhelm, particularly among CXOs, according to Greg Bell, KPMG's cyber US leader.
"We started using the term cyber fatigue about 18 months ago and it's only accelerated," Bell says. It's not just an increase in the volume of breaches companies are experiencing, but also new kinds of risk that CXOs must learn about – and respond to strategically.
"Security should not be a function of IT but of business innovation," Bell says, underscoring one of the mantras from the report. "As you offer a new product, partner with new partners, or introduce services to a broader, global market, they all require a shift in security control," he adds. "If you don't align it with how the business is growing and innovating, you may be spending your security investment incorrectly."
To back that up, Bell points to an unnamed insurance company he talked to where the CISO was spending a lot of money to protect the company's dealer network. But another executive from the same company told Bell the medium-term plan was to get rid of dealers in favor of an app. The money spent on endpoint protection for the dealers was pointless and wasteful.
Bell also cited the changing nature of the automotive industry, where a strategic focus on security has lagged in comparison to other industry sectors. He also points to advancements in the infotainment elements of vehicles, not to mention GPS and autonomous driving features that have changed how consumers buy. "Consumers are also concerned about hacking and 80% don't want to buy a car that's associated with being hacked," Bell says. More than half of all auto companies lack an executive solely responsible for security – no CISO or its equivalent. "Auto makers aren't aligning their spending with what their customers are thinking about," Bell says.
Infosec professionals regularly deal with projects where they start to deploy some new security product, only to have something better -- and cheaper -- come along as they near completion with now-older technology. By aligning security spending with innovation and the larger business strategy, companies can rescue infosec professionals who struggle to justify their expenditures, Bell says.
There's also concern among executives around security as they watch (and approve) lots of money getting spent to address vulnerabilities and improve safeguards, according to Bell. But yet the number of threats, hacks and actual breaches continues to increase. So while organizations may need to spend more on prevention and detection, there's nothing that can ever completely eliminate the threats. "That's been a mixed message to executives," says Bell, "and we need to articulate that better."
