Companies are spending close to $70 billion a year on cybersecurity tools but are still not convinced their data is truly secure, a new study has revealed.
According to RAND Corporation, a California-based nonprofit global policy think tank, several chief information security officers believe that attackers are gaining on their defences.
Despite this, worldwide spending on cybersecurity is growing at 10 to 15 percent annually, because these officers believe hackers may gain the upper hand two to five years from now and that they need to pull up their socks.
“Despite the pessimism in the field, we found that companies are paying a lot more attention to cybersecurity than they were even five years ago,” said Martin Libicki, co-lead author of the study and senior management scientist at RAND.
Companies that did not even have a chief information security officer five years ago have one now, and their CEOs are more likely to listen to them.
“Core software is improving and new cybersecurity products continue to appear, which is likely to make a hacker’s job more difficult and more expensive,” Libicki said.
Charting the future of cybersecurity is difficult because so much is shrouded in secrecy.
The RAND study draws on interviews with 18 chief information security officers and details the burgeoning world of cybersecurity products.
It also reviews the relationship between software quality and the processes used to discover software vulnerabilities.
“Companies know what they spend on cybersecurity, but quantifying what they save by preventing malicious attacks is much harder to tally,” added Lillian Ablon, co-lead author of the report.
In addition, malicious hackers can be extremely sophisticated, so costly measures to improve security beget countermeasures from hackers.
Cybersecurity is a continual cycle of trying to eliminate weaknesses and out-think an attacker.
“Currently, the best that defenders can do is to make it expensive for the attackers in terms of money, time, resources and research,” the authors said.