This blog is an excerpt from a research report titled “Cybersecurity Survey: Industry Professionals Report Rising Threats, Rising Costs.” To download the report, please log in to your SharesPost account or register here.
Human behavior can be hard to change, especially when it comes to cybersecurity. Despite years of high profile breaches, people still use 1-2-3-4 as their pins or “password” as their, well, password.
Unfortunately, some companies might also be guilty of this mindset. According to our latest survey of cybersecurity professionals, 8 percent of respondents reported they effectively spent nothing on cybersecurity, while another 5 percent said they actually plan to spend less on security over the next 12 months.
Those might not seem like big numbers. But given the increasing pace and sophistication of cyberattacks from criminals, terrorists and hostile states (see our earlier report titled “The Third Evolution of Cybersecurity”), such a do nothing or do less mindset from any one company is certainly alarming.
Of the companies that do spend on cybersecurity, there might be a tendency to think one product or service is enough to protect themselves. For example, three quarters of respondents said they actively hold cybersecurity insurance. Since that product is relatively new, 75 percent is a rather high number, which makes us wonder if companies are substituting insurance for effective technology: about 25 percent thought that cybersecurity products were too expensive.
In truth, we tend to think either money or technology individually will solve the problem, a magic bullet that requires no work or sacrifice. Buy a policy or an anti-virus program and everything will be fine. But cybersecurity requires a continuous, holistic approach to secure data.
Here are some other takeaways from the report:
Cyber attacks are a clear and present danger Despite increased awareness of cybersecurity threats, 61 percent of security professionals reported malware, malicious data breaches, hacker activity or other cybersecurity threats over the past 12 months. Moreover, this number likely significantly understates the ubiquity of such breaches because it can’t account for undiscovered breaches, and corporate representatives are often unwilling to disclose breaches, even anonymously.
Companies spend slightly more than they lose from cyber hacks Companies spend an average of $3.1 million per year on cybersecurity software, compared to losing about $3.7 million a year from attacks. The close correlation between cybersecurity spend and the financial impact of cyber breaches reflects a careful balance that companies must strike between risk mitigation and cost efficiency.
Major tech conglomerates are the most popular cybersecurity vendors Cisco, Amazon GuardDuty, IBM, McAfee, and Microsoft Secure were the top five cybersecurity vendors, according to the survey. Such large companies enjoy many competitive advantages over smaller players, including current adoption rates and brand awareness. With the exception of McAfee, these companies can leverage their large portfolio of products and services to win new customers. Amazon GuardDuty, for instance, was the second most popular vendor even though the company only launched its cybersecurity product less than a year ago.
Customers want better threat detection and prevention in Cybersecurity products. In terms of technical features, the most important criteria were threat detection, threat prevention, and IT asset monitoring. That being said, most features had a signi cant number of respondents choosing them as most important, and no one category was drastically more important than others. This is likely re ective of the variation in the technolgical needs of different companies. Whereas price is important to most companies, compliance and IoT securtiy might appeal to very different customers.
This article does not constitute an offer to provide investment advice or service. Registered representatives of SharesPost Financial Corporation do not (1) advise any member on the merits or prudence of a particular investment or transaction, or (2) assist in the determination of fair value of any security or investment, or (3) provide legal, tax, or transactional advisory services.
Securities referenced in this article may be offered by SharesPost Financial Corporation, member FINRA/SIPC. SharesPost Financial Corporation and SP Investments Management are wholly owned subsidiaries of SharesPost, Inc. Certain affiliates of these entities may act as principals in such transactions.
Investing in private company securities is not suitable for all investors. An investment in private company securities is highly speculative, involving a high degree of risk, and investors should be prepared to withstand a total loss of your investment. Private company securities are also highly illiquid and there is no guarantee that a market will develop for such securities. Each investment also carries its own specific risks and investors should conduct their own, independent due diligence regarding the investment, including obtaining additional information about the company, opinions, financial projections and legal or investment advice.
Accordingly, investing in private company securities is appropriate only for those investors who can tolerate a high degree of risk and do not require a liquid investment.
SharesPost, the SharesPost logo, My SharesPost, the SharesPost Index, and SharesPost Investment Management are all registered trademarks of SharesPost, Inc. All other trademarks are the property of their respective owners.
Copyright SharesPost, Inc. 2020. All rights reserved.