By now, stories of security breaches hitting major businesses around the world have become commonplace. The toll taken on such corporations like Target and Home Depot can be disheartening for business leaders, and looking at the bigger picture doesn’t offer a promising view. Cyber security attacks are on the rise. In 2013, there were more than 42 million reported security incidents, a rise of nearly 50% from the previous year. The trend is moving upward, and companies across the globe are trying to respond. According to a recent report from Gartner, global spending on information security is expected to increase by 7.9% to more than $71 billion. Companies of all sizes are making sizable investments in security, a reaction to the evolving nature of cyber attacks. By looking at where organizations are focusing their security funding, others can get a better understanding of where the security risks are most likely to come from.
New and changing technologies are some of the biggest drivers for the major increases in IT security spending. One of the largest areas where businesses are placing much of their attention is in mobile technology. The use of mobile devices is increasing by leaps bounds, with business leaders and employees using smartphones and tablets on a more regular basis than ever before. Many companies are welcoming mobile technology into the workplace through bring your own device (BYOD) policies, but that adoption can also lead to major security risks. In a recent survey of the financial industry, 13% of respondents said BYOD was one of the top three causes for reported security incidents. Employees who use personal mobile devices may unwittingly introduce malware and other harmful programs into a company’s network. For this reason, more businesses are boosting their efforts to secure mobile devices.
Another area of major concern that is driving increased security spending is cloud computing. Most companies say preventing data loss is one of their top priorities, which makes use of the cloud all the more risky. By using the cloud, businesses may put data at risk, or at the very least in the care of a third party, which may not employ sufficient security measures. With this in mind, new technology is being developed to increase cloud security and protect the valuable information contained on the cloud. These two technologies–cloud computing and mobile devices–have seen explosions in popularity, which will likely lead to even more security spending. The same Gartner report estimates that jumps in security investments will continue to grow by more than 8% in 2015.
Further spending in the cloud may indicate another direction other companies are going for security purposes, especially for businesses with limited resources. While large corporations have the means to utilize their own security controls, smaller businesses are looking to use the cloud for that practice. This security delivery through the cloud can free up resources elsewhere and allow small to mid-size businesses to be more agile when responding to security threats. This outsourcing of security controls is likely to grow as well, as more and more organizations are expected to work with firms specifically dedicated to information security services, like more secure infrastructure management and data protection.
There are other ways internally that companies are looking to increase on security investments. One traditional but still effective method is through antivirus protection of endpoint devices. This includes protecting mobile devices, as mentioned above, along with laptops and desktop computers. Investments in mobile security products are also proving to be substantial, with some organizations choosing to focus on mobile device management to make BYOD policies easier to monitor and enforce. Businesses are also spending funds on unified threat management, which includes the installation of network firewalls to protect vital systems and data.
From these statistics, it’s clear that businesses see mobile devices and the cloud as particular concerns for the future security of their organizations. Industries which have been more aggressive in increasing security spending include healthcare and financial services, each having vital information that needs to be protected even as mobile technology and cloud computing become more popular. But even for businesses outside of these areas, security should be a top priority, even if it requires outsourcing that protection. Addressing security now is important to ensure a company can continue to grow and not become another victim of a massive security breach.