WASHINGTON: The recent epidemic of cyberattacks has led to greater investment and spending on security, but fears are rising that hackers are gaining the upper hand, a study showed Wednesday.
A Rand Corporation study based on a survey of company chief information officers said rising concerns from high-profile incidents have made cybersecurity a priority for many organizations.
The authors cited prior research showing worldwide spending on cybersecurity is approaching $70 billion per year and growing at 10 to 15 percent annually but said that “it would be an understatement to say organizations are dissatisfied with their security.”
“Companies know what they spend on cybersecurity, but quantifying what they save by preventing malicious attacks is much harder to tally,” said Lillian Ablon, a Rand researcher and co-author of the report.
“Cybersecurity is a continual cycle of trying to eliminate weaknesses and out-think an attacker. Currently, the best that defenders can do is to make it expensive for the attackers in terms of money, time, resources and research.”
The researchers found that the effect of a cyberattack on reputation — rather than direct costs — caused the most concern for chief information security officers.
The report in coordination with Juniper Networks said the cost of managing cybersecurity is set to increase 38 percent over the next 10 years across all businesses — largely from investment in tools and training, and dealing handling the use of personal devices such as smartphones which connect to corporate networks.
“One of the most challenging issues facing companies is the countermeasures attackers use to evade defenses,” the report said.
“Attackers are constantly developing countermeasures to new security technologies, which limits the relative effectiveness of those tools over time and requires companies to invest in new technologies to take their place.”