This blog is an excerpt from a research report titled “Cybersecurity Survey: Industry Professionals Report Rising Threats, Rising Costs.” To download the report, please log in to your SharesPost account or register here.
Human behavior can be hard to change, especially when it comes to cybersecurity. Despite years of high profile breaches, people still use 1-2-3-4 as their pins or “password” as their, well, password.
Unfortunately, some companies might also be guilty of this mindset. According to our latest survey of cybersecurity professionals, 8 percent of respondents reported they effectively spent nothing on cybersecurity, while another 5 percent said they actually plan to spend less on security over the next 12 months.
Those might not seem like big numbers. But given the increasing pace and sophistication of cyberattacks from criminals, terrorists and hostile states (see our earlier report titled “The Third Evolution of Cybersecurity”), such a do nothing or do less mindset from any one company is certainly alarming.
Of the companies that do spend on cybersecurity, there might be a tendency to think one product or service is enough to protect themselves. For example, three quarters of respondents said they actively hold cybersecurity insurance. Since that product is relatively new, 75 percent is a rather high number, which makes us wonder if companies are substituting insurance for effective technology: about 25 percent thought that cybersecurity products were too expensive.
In truth, we tend to think either money or technology individually will solve the problem, a magic bullet that requires no work or sacrifice. Buy a policy or an anti-virus program and everything will be fine. But cybersecurity requires a continuous, holistic approach to secure data.
Here are some other takeaways from the report:
Cyber attacks are a clear and present danger Despite increased awareness of cybersecurity threats, 61 percent of security professionals reported malware, malicious data breaches, hacker activity or other cybersecurity threats over the past 12 months. Moreover, this number likely significantly understates the ubiquity of such breaches because it can’t account for undiscovered breaches, and corporate representatives are often unwilling to disclose breaches, even anonymously.
Companies spend slightly more than they lose from cyber hacks Companies spend an average of $3.1 million per year on cybersecurity software, compared to losing about $3.7 million a year from attacks. The close correlation between cybersecurity spend and the financial impact of cyber breaches reflects a careful balance that companies must strike between risk mitigation and cost efficiency.
Major tech conglomerates are the most popular cybersecurity vendors Cisco, Amazon GuardDuty, IBM, McAfee, and Microsoft Secure were the top five cybersecurity vendors, according to the survey. Such large companies enjoy many competitive advantages over smaller players, including current adoption rates and brand awareness. With the exception of McAfee, these companies can leverage their large portfolio of products and services to win new customers. Amazon GuardDuty, for instance, was the second most popular vendor even though the company only launched its cybersecurity product less than a year ago.
Customers want better threat detection and prevention in Cybersecurity products. In terms of technical features, the most important criteria were threat detection, threat prevention, and IT asset monitoring. That being said, most features had a signi cant number of respondents choosing them as most important, and no one category was drastically more important than others. This is likely re ective of the variation in the technolgical needs of different companies. Whereas price is important to most companies, compliance and IoT securtiy might appeal to very different customers.
CONFLICTS: This report is being published by SharesPost Research LLC and distributed by SharesPost Financial Corporation, a member of FINRA/SIPC. SharesPost Research LLC, SharesPost Financial Corporation, and SP Investments Management LLC, an investment adviser registered with the Securities and Exchange Commission, are wholly owned subsidiaries of SharesPost Inc. SP Investments Management is the investment manager of the SharesPost 100 Fund, a registered investment company, and other funds.
Recipients who are not market professionals or clients of SharesPost Financial Corporation should seek the advice of their own personal financial advisors before making any investment decisions based on this report. None of the information contained in this report represents an offer to buy or sell, or a solicitation of an offer to buy or sell, any security, and no buy or sell recommendation should be implied, nor shall there be any sale of these securities in any state or governmental jurisdiction in which said offer, solicitation, or sale would be unlawful under the securities laws of any such jurisdiction. This report does not constitute an offer to provide investment advice or services. Registered representatives of SharesPost Financial Corporation do not (1) advise any member on the merits or advisability of a particular investment or transaction, (2) assist in the determination of fair value of any security or investment, or (3) provide legal, tax, or transactional advisory services.
Information regarding companies in the SharesPost 100 List available on the website has been collected from or generated from publicly available sources. The availability of company information does not indicate that these companies have endorsed, supported, or otherwise participated with SharesPost. Company “thesis” is the opinion of SharesPost and is not a recommendation to buy, sell, or hold any security of such company.
Investors should be aware that, at any given point in time, the SharesPost 100 Fund (the “Fund”) may or may not have an ownership interest in any of the issuers discussed in the report. Accordingly, investors should not rely on the content of this report when deciding whether to buy, hold, or sell interests in the Fund. Instead, investors are encouraged to do their own independent research. Before investing in the Fund, investors are cautioned to carefully consider the investment objectives, risks, charges, and expenses before investing. For a prospectus containing more information about the Fund, please visit www.sharespost100fund.com. Read the prospectus carefully before investing.
ANALYST CERTIFICATION: The analyst(s) certifies that the views expressed in this report accurately reflect the personal views of such analyst(s) about any and all of the subject securities or issuers and that no part of such analyst compensation was, is, or will be, directly or indirectly related to the specific views contained in this report.
Analyst compensation is based upon various factors, including the overall performance of SharesPost Inc. and its subsidiaries and the performance and productivity of such analyst, including (1) feedback from clients of the SharesPost Financial Corporation and other stakeholders in our ecosystem, (2) the quality of such analyst’s research, and (3) the analyst’s contribution to the growth and development of our overall research effort. Analyst compensation is derived from all revenue sources of SharesPost Inc., including brokerage sales.
DISCLAIMER: This report does not contain a complete analysis of every material fact regarding any issuer, industry, or security. The opinions expressed in this report reflect our judgment at this date and are subject to change. The information contained in this report has been obtained from sources we consider to be reliable; however, we cannot guarantee the accuracy of all such information.
Any securities offered are offered by SharesPost Financial Corporation, a member of FINRA/SIPC. SharesPost Financial Corporation and SP Investments Management are wholly owned subsidiaries of SharesPost Inc. Certain affiliates of these entities may act as principals in such transactions.
Investing in private company securities is not suitable for all investors. An investment in private company securities is highly speculative and involves a high degree of risk. It should only be considered as a long-term investment. You must be prepared to withstand a total loss of your investment. Private company securities are also highly illiquid, and there is no guarantee that a market will develop for such securities. Each investment also carries its own specific risks. You should complete your own independent due diligence regarding the investment, including obtaining additional company information, opinions, financial projections, and legal or other investment advice.
Investing in private company securities is appropriate only for those investors who can tolerate a high degree of risk and do not require a liquid investment.
SharesPost, the SharesPost logo, My SharesPost, the SharesPost Index, SharesPost Investment Management, the SharesPost 100 Fund, and the SharesPost 100 List are all registered trademarks of SharesPost Inc. All other trademarks are the property of their respective owners.
Copyright © SharesPost, Inc. 2019. All rights reserved.