What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot. Brian Walker, a former head of global information technology for Marathon Oil said , "It’s scary…Executives making funding decisions aren't necessarily millennials who intuitively understand how cyber threats work. It’s guys my age that are the problem,” according to Walker, who said he's in his early 50s. “We've been 30-years-trained in a world that doesn't work this way anymore. This cyber blind spot is a real challenge,” Walker said. “Our fear is that we will play an ostrich and put our head in the sand until something blows up and people get killed, or until the lights go out for a month.”
The threat isn't new, but it is escalating.
Financial services and retailers have been in the limelight for data breaches. Based on analysis developed over 15 years, energy companies that earn $1 billion in revenue a year generally spend about $1 million for cybersecurity; precision found. In comparison, companies within the financial industry with $1 billion in revenue could spend as much as $3 million.
The approach to cybersecurity is also affected by the normal separation of departments within individual companies, the experts said. “At many companies, IT security typically falls under the purview of the chief information officer, while operations security staff report to a different boss,” Walker said. The result, there is a communications gap.
It's not that the companies don't care about security. But the threat is growing exponentially, and companies of all types have had a hard time keeping up. For instance, “there's been a dramatic rise in so-called supply-chain attacks where a software update itself has been compromised before it's even introduced into a company system,” Walker said.
Do you have a blind spot? Is it under investment in cybersecurity? Or do you have an overdose of confidence in the shiny security whizzbang, which the vendor promised would be as effective as Iron Dome?
