“This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute. “Prevention of cyberattacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber breaches, we expect budgets to start allocating increased resources to preventative solutions given the amount of money they save.”
The clear benefit of prevention is reflected by the 67 percent of respondents who believe the use of automation and advanced AI such as Deep Learning would improve their ability to prevent attacks, and that, despite the current perceived difficulty, they intend to implement these technologies within the next two years, the study notes.
Additional key findings from the report include:
- With an average budget of $13 million for IT security, 50 percent of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture, and only 40 percent believe their budgets are sufficient.
- Prevention is perceived to be the most difficult to achieve in the cybersecurity lifecycle according to 80 percent of respondents. The reasons cited are that it takes too long to identify, insufficient technology and lack of in-house expertise.
- Organizations are more effective at containing cyberattacks. 55% of respondents feel that they can contain attacks after they happen, and this priority leads IT teams to allocate larger portions of their budgets to containment, rather than prevention.