AttackIQ and the Ponemon Institute have posted their latest research, and the findings are clear: over 50% of companies that are investing in cybersecurity are clueless whether their investments are actually making any difference.
As part of the research, 577 US-based IT and IT security practitioners were surveyed. On average, companies are spending $18.4 million on cybersecurity on an annual basis. In the 2019-2020 period, more than half of them have plans to increase their spending by 14%.
With that being said, 53% of respondents don’t know how well their cybersecurity investments are performing. Not only does this not make it clear whether there are any cybersecurity holes remaining, but it also makes things unclear when it comes to ROI.
However, 39% of respondents did indicate they’re receiving full value from their cybersecurity investments. Interestingly enough, the respondents highlighted another type of problem – cybersecurity tool reporting issues. In concrete terms, 63% of respondents said they’ve encountered a situation where the tool would report the threat as contained, when in reality, it failed to do anything about the problem.
According to Larry Ponemon, founder and chairman at the Ponemon Institute, many businesses respond to a situation like this by throwing more money at the problem.
Brett Galloway, AttackIQ CEO, noted that companies are indeed spending too much on cybersecurity solutions without knowing whether they’re working or not. Since these technologies are used to protect sensitive personal data, this is quite a problem.