
Breaches on the rise despite increased security spend, survey finds

Despite an increase in cybersecurity spending, there was still an increase in breaches in 2019, according to a new report from ServiceNow.

The study, Costs and Consequences of Gaps in Vulnerability Response, found that despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data silos and poor organisational coordination. 

Looking specifically at the most critical vulnerabilities, the average timeline to patch is 16 days, the report found.

At the same time, the risk is increasing, ServiceNow says.

According to the findings, there was a 17% increase in cyberattacks over the past year, and 60% of breaches were linked to a vulnerability where a patch was available, but not applied.  

The study surveyed almost 3,000 security professionals in nine countries to understand how organisations are responding to vulnerabilities. 

The survey results reinforce a need for organisations to prioritise more effective and efficient security vulnerability management:

  • 34% increase in weekly costs spent on patching compared to 2018.
  • 30% more downtime vs. 2018, due to delays in patching vulnerabilities.
  • 69% of respondents plan to hire an average of five staff members dedicated to patching in the next year, at an average cost of $650,000 annually for each organisation.
  • 88% of respondents said they must engage with other departments across their organisations, which results in coordination issues that delay patching by an average of 12 days.

The findings also indicate a persistent cybercriminal environment, underscoring the need to act quickly:

  • 17% increase in the volume of cyberattacks in the last 12 months compared to the same timeframe in 2018.
  • Nearly 27% increase in cyberattack severity compared to 2018.

The report points to other factors beyond staffing that contribute to delays in vulnerability patching:

  • 76% of respondents noted the lack of a common view of applications and assets across security and IT teams.
  • 74% of respondents said they cannot take critical applications and systems offline to patch them quickly.
  • 72% of respondents said it is difficult to prioritise what needs to be patched.

According to the findings, automation delivers a significant payoff in terms of being able to respond quickly and effectively to vulnerabilities. Eighty percent of respondents who employ automation techniques say they respond to vulnerabilities in a shorter timeframe through automation.

"This study shows the vulnerability gap that has been a growing pain point for CIOs and CISOs," says Sean Convery, general manager, ServiceNow Security and Risk.

"Companies saw a 30% increase in downtime due to patching of vulnerabilities, which hurts customers, employees and brands. Many organisations have the motivation to address this challenge but struggle to effectively leverage their resources for more impactful vulnerability management," he explains. 

"Teams that invest in automation and maturing their IT and security team interactions will strengthen the security posture across their organisations."
