The Rising Cost of IT Security for Mid to Large-Sized Businesses

Corporate IT security breaches are happening more frequently than ever, are companies finally committing expenditure to a multi-layered approach to network security?

September 08, 2014 by Alex Collins, IT Services Consultant

Rising Cost

The retail giant Target suffered a devastating data security breach at the end of 2013, which resulted in a leak of some 40 million credit card numbers. This event highlighted just how vulnerable any company’s IT systems are to determined cyber-attacks. The incident, which is expected to cost Target hundreds of millions of dollars, has fuelled a huge spike in corporate spending on IT security.

Despite spending $1.6 million on a single malware detection application last year, the aptly named Target was in the sights of a network of cyber-criminals who found their way in to the retailer’s systems. Undetected, the attackers then proceeded to collect credit card information from point-of-sale terminals just as fast as Christmas shoppers’ cards could be exposed to the compromised equipment.

Panic Generates Increase in IT Security Budgets

The Target data breach has sparked a frenzy of IT security spending among large and mid-sized enterprises not just in the United States, but worldwide. From what many pundits quote as under-investment of around 5% of total IT budget on security measures, companies are now committing up to 15% of information technology expenditure to security improvements.

According to Gartner, a research firm, a medium sized business should expect to spend $50,000 to $100,000 annually on IT security measures, while a large enterprise might require expenditure of up to $10 million. While these are staggering sums of money, the incident at Target puts this spending into perspective. By the beginning of February this year, Target had already spent $61 million in dealing with the breach they suffered at the hands of the Russian and Eastern European criminal organization.

In a survey conducted recently by BAE Systems Applied Intelligence, almost 30% of American companies surveyed estimated the cost of any cyber-attack would exceed $70 million, while almost half the companies estimated costs of more than $15 million. Given the rate at which corporate IT security breaches are taking place currently across many commercial sectors, including government agencies and healthcare institutions, an expenditure of $10 million will pay for itself if a single such breach is successfully prevented.

What Threats Lurk in the Cyber-Jungle?

Global spending on commercial IT security is in the region of $46 billion per year, yet the number of breaches is increasing by 20% annually. The main problem is that threats come from so many different quarters. The internet is a jungle – but one that few businesses can afford not to set foot in.

As recently as a few weeks ago, news broke about a group of Russian hackers, known as CyberVor, who have stolen 1.2 billion user names and passwords from around 500,000 different websites. This heist is the largest known theft of personal information from hackers and includes attacks on individuals as well as large and small business websites.

DDoS Attacks and Ransomeware

In addition to crime rings stealing corporate data, companies face the constant threat of ever-evolving viruses and distributed denial of service attacks (DDoS). Some of the most recent viruses, known as ransom-ware, can actually encrypt a company’s data, rendering it inaccessible without the key for decryption. Criminals behind the virus then demand a sum of money to be paid in return for providing the decryption key.

Meanwhile, the first half of this year saw a rash of nearly 6,000 DDoS attacks designed to bring down websites. These attacks are possibly used as a smokescreen to cover the activities of cyber-criminals as they infiltrate networks for theft of data and intellectual property.

With so many potential ways to hemorrhage data, money and intellectual property, many companies are finally committing expenditure to a multi-layered approach to network security. However, sophisticated cyber-criminals can only be thwarted by sophisticated security: meaning the business world is likely to see phenomenal rates of spending on IT security for years to come.

The All Covered Difference

All Covered is here to work with you to set up comprehensive security plan. Our goal is to protect your company’s data by implementing a solid IT infrastructure. Contact us today at (866)446-1133 for more information or to schedule a consultation.