High-profile data breaches will lead two-thirds of companies to raise their budgets for cyber security by at least 5 per cent over the next year.
Companies are increasingly allocating money to securing cloud computing and towards analytics software that can monitor their networks and detect unusual activity, the EY consultancy found in a survey of 1,400 executives and IT professionals. Companies are spending more on training, as business activities move into the cloud and beyond company servers where they can be monitored by IT staff, said Gavin Cartwright, associate partner at EY.
Careless or unaware employees were still considered the riskiest vulnerability, the research highlighted. Sellers of analytics products include Cisco, RSA and the British cyber security start-up Darktrace, said Joseph Blankenship, an analyst at Forrester. “One of the things we struggle with in cyber security is that we have lots and lots and lots and lots of data,” he said. “So far, I don’t think we’ve effectively seen a system that can effectively cut the human out of the loop.”
New rules such as the EU’s General Data Protection Regulation, which came into force in May, have raised the stakes for companies. GDPR, which applies to all businesses with European customers, has increased the maximum penalty for failing to protect data to 4 per cent of global turnover or €20m, whichever is greater. So far, I don’t think we’ve effectively seen a system that can effectively cut the human out of the loop Joseph Blankenship “Financially and reputationally there is a recognition that security needs to play a bigger role than it has,” Mr Cartwright said. “The mindset has shifted.”
Research published this week by Gemalto, the security consultancy, showed 4.5bn data records had been compromised in the first six months of 2018 — more than double the previous year — after major vulnerabilities were disclosed by Facebook and Twitter. A big leak of biometric data in India also contributed to the figure for compromised data logs, highlighting the huge scale of data loss online.
Revelations in the Tribune News Service in January showed that an anonymous online service had sold leaked information from India’s Aadhaar ID cards. “Everyone who is using or monetising data should be protecting it mandatorily,” said Jason Hart, chief technology officer of data protection at Gemalto.