On Alert: Spending on Information Security is Going Up

It looks like the importance of information security is finally getting everyone’s attention.   

New data from Gartner shows that the worldwide spending on information security is going to climb 7.9% in 2014 to $71.1 billion. By 2015, total information security spending is forecasted to increase to $76.9 billion.

Gartner is an information technology research and advisory company headquartered in Stamford, Conn. In a statement, Lawrence Pingree, the research director at Gartner, said: “The increasing adoption of mobile, cloud and social activity (often interacting together) will drive the use of new security technology and services through 2016.” 

But it was the spike in advanced targeted attacks in 2013 that “lead to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center.”

According to Symantec Global Intelligence Network’s 2014 Internet Security Threat Report, there was a 91% increase in targeted attacks campaigns in 2013, and a 62% increase in the number of data breach incidents.

Breaches exposed over 552 million identities in 2013 – compared to 93 million in 2012.

The Symantec report showed that each of the eight top data breaches in 2013 resulted in the loss of tens of millions of data records including credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, email addresses, logins and passwords. 

Then, there was the actual financial cost.

The 2014 Cost of Data Breach Study: Global Analysis showed that the average cost to a company was $3.5 million – 15% more than what it cost in 2013.

This study also asked respondents about the level of investment in their organizations’ security strategy and mission. On average, respondents would like to see it doubled from what they think will be spent (an average of $7 million) to what they would like to spend (an average of $14 million).

Here are ways to better protect information in the workplace:

• Demonstrate a top-down commitment from management to the total security of your business and customer information. Here’s how to create a total security culture in your organization.

• Know your data, says Symantec. “Protection must focus on the information – not the device or data center. Understand where sensitive data resides and where it is flowing to help identify the best policies and procedures to protect it.”

• The Internet Security Threat Report survey recommends minimum collection and retention of personally identifiable information with physical access restrictions to records containing personal data.

• Educate employees. Train employees about information security – all the policies, including a mobile device policy – and how to follow them rigorously.

• Conduct periodic security audits to identify areas of risk in the document management processes.

• Strengthen the security infrastructure with the latest (and regularly updated) data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures. Gartner forecasts that by the end of 2015, about 30% of infrastructure protection products will be purchased as part of a suite offering.

• Partner with a company that provides a full range of destruction services for all documents that are no longer needed. Gartner predicts that by 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance security. 

• Implement a "shred-all" policy, which removes the decision-making process regarding what is and isn't confidential. 

Listen to this podcast on how a company can best protect its data.