Research from the Ponemon Institute mentions that only a quarter of companies focus on preventing cyber-attacks
The Economic Value of Prevention in the Cybersecurity Lifecycle report surveyed more than 600 IT and IT security practitioners in organizations. The latest research from the Ponemon Institute has revealed that only 24% of enterprises optimize cyber-attack prevention capabilities, even though 70% of security professionals believe the ability to effectively prevent attacks strengthens security posture. According to the study, a significant percentage of companies prioritize cyber-attack detection and containment over prevention methods.
Some key findings of the report:
- Half of the respondents say their companies are wasting limited budgets on investments that don’t improve their cybersecurity posture, and only 40% believe their budgets are sufficient.
- 55% of respondents said they could contain attacks after they happen. This leads IT teams to allocate significant portions of their budgets to containment instead of prevention.
- 80% of respondents said prevention is the most difficult to achieve in the cybersecurity lifecycle. Insufficient technology and lack of in-house expertise were some of the reasons cited by these respondents.
The report found that nearly 80% of security budgets are allocated to detection, containment, recovery, and remediation activities. Meanwhile, only 21% of the budgets are allotted to prevention, even though 80% of respondents said prevention is the most difficult thing to achieve in the cybersecurity lifecycle.
Effective adoption of a preventative solution would result in significant cost reductions and require lower overall investment. The solution should be compared with the current spending on security departments and the cost of attacks. As per the study, the majority of organizations are more effective at containing cyber-attacks after they happen, because it is more accountable. The majority of cybersecurity budgets focus on containing attacks rather than preventing them. Today, enterprises are witnessing a significant increase in revenue losses due to cyber-hacks, which has forced them to start allocating increased resources to combat them. However, this is not an economically viable long-term strategy.