New Ponemon Institute research finds that 70 percent of security professionals believe the ability to effectively prevent cyberattack penetration strengthens their security posture, yet only 24 percent are focused on optimizing prevention capabilities –majority focus on detection and containment instead. 
“The Economic Value of Prevention in the Cybersecurity Lifecycle” report also found that while the overwhelming majority of cybersecurity professionals (70%) felt the ability to prevent attacks from penetrating their networks would improve their cybersecurity posture and reduce the cost of an attack, only a relatively small 21 percent of budgets are allocated to attack prevention. 79% of budget allocation is delegated for detection, containment, recovery and remediation activities. The study, which was sponsored by Deep Instinct, determined that effective adoption of a preventative solution - when compared to the current spending of security departments and the cost of attacks - would result in significant cost reductions and require lower overall investment. 

“This study shows that the majority of companies are more effective at containing cyberattacks after they happen because it is perceived to be more accountable. This explains why cybersecurity budgets focus on containing attacks rather than preventing them, as well as the increased rate of breaches despite investments in cybersecurity solutions,” said Dr. Larry Ponemon, the Chairman and Founder of the Ponemon Institute. “Prevention of cyberattacks is perceived to be too difficult, but as companies continue to suffer revenue losses due to cyber breaches, we expect budgets to start allocating increased resources to preventative solutions given the amount of money they save.”

The clear benefit of prevention is reflected by the 67 percent of respondents who believe the use of automation and advanced AI such as Deep Learning would improve their ability to prevent attacks, and that, despite the current perceived difficulty, they intend to implement these technologies within the next two years, the study notes.

Additional key findings from the report include:

  • With an average budget of $13 million for IT security, 50 percent of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture, and only 40 percent believe their budgets are sufficient. 
  • Prevention is perceived to be the most difficult to achieve in the cybersecurity lifecycle according to 80 percent of respondents. The reasons cited are that it takes too long to identify, insufficient technology and lack of in-house expertise.
  • Organizations are more effective at containing cyberattacks. 55% of respondents feel that they can contain attacks after they happen, and this priority leads IT teams to allocate larger portions of their budgets to containment, rather than prevention.