This blog is an excerpt from a research report titled “Cybersecurity Survey: Industry Professionals Report Rising Threats, Rising Costs.” To download the report, please log in to your SharesPost account or register here.
Human behavior can be hard to change, especially when it comes to cybersecurity. Despite years of high profile breaches, people still use 1-2-3-4 as their pins or “password” as their, well, password.
Unfortunately, some companies might also be guilty of this mindset. According to our latest survey of cybersecurity professionals, 8 percent of respondents reported they effectively spent nothing on cybersecurity, while another 5 percent said they actually plan to spend less on security over the next 12 months.
Those might not seem like big numbers. But given the increasing pace and sophistication of cyberattacks from criminals, terrorists and hostile states (see our earlier report titled “The Third Evolution of Cybersecurity”), such a do nothing or do less mindset from any one company is certainly alarming.
Of the companies that do spend on cybersecurity, there might be a tendency to think one product or service is enough to protect themselves. For example, three quarters of respondents said they actively hold cybersecurity insurance. Since that product is relatively new, 75 percent is a rather high number, which makes us wonder if companies are substituting insurance for effective technology: about 25 percent thought that cybersecurity products were too expensive.
In truth, we tend to think either money or technology individually will solve the problem, a magic bullet that requires no work or sacrifice. Buy a policy or an anti-virus program and everything will be fine. But cybersecurity requires a continuous, holistic approach to secure data.
Here are some other takeaways from the report:
Cyber attacks are a clear and present danger Despite increased awareness of cybersecurity threats, 61 percent of security professionals reported malware, malicious data breaches, hacker activity or other cybersecurity threats over the past 12 months. Moreover, this number likely significantly understates the ubiquity of such breaches because it can’t account for undiscovered breaches, and corporate representatives are often unwilling to disclose breaches, even anonymously.
Companies spend slightly more than they lose from cyber hacks Companies spend an average of $3.1 million per year on cybersecurity software, compared to losing about $3.7 million a year from attacks. The close correlation between cybersecurity spend and the financial impact of cyber breaches reflects a careful balance that companies must strike between risk mitigation and cost efficiency.
Major tech conglomerates are the most popular cybersecurity vendors Cisco, Amazon GuardDuty, IBM, McAfee, and Microsoft Secure were the top five cybersecurity vendors, according to the survey. Such large companies enjoy many competitive advantages over smaller players, including current adoption rates and brand awareness. With the exception of McAfee, these companies can leverage their large portfolio of products and services to win new customers. Amazon GuardDuty, for instance, was the second most popular vendor even though the company only launched its cybersecurity product less than a year ago.
Customers want better threat detection and prevention in Cybersecurity products. In terms of technical features, the most important criteria were threat detection, threat prevention, and IT asset monitoring. That being said, most features had a signi cant number of respondents choosing them as most important, and no one category was drastically more important than others. This is likely re ective of the variation in the technolgical needs of different companies. Whereas price is important to most companies, compliance and IoT securtiy might appeal to very different customers.
This report is distributed by SharesPost Financial Corporation, a member of FINRA/SIPC. SharesPost Research LLC, SharesPost Financial Corporation, and SP Investments Management, LLC, an investment adviser registered with the Securities and Exchange Commission, are wholly owned subsidiaries of SharesPost, Inc.
Recipients who are not market professionals or clients of SharesPost Financial Corporation should seek the advice of their own financial advisors before making any investment decisions. None of the information contained in this report represents an offer to buy or sell, or a solicitation of an offer to buy or sell, any security, and no buy or sell recommendation should be implied, nor shall there be any sale of these securities in any state or governmental jurisdiction in which said offer, solicitation, or sale would be unlawful under the securities laws of any such jurisdiction.
This report does not constitute an offer to provide investment advice or service. Registered representatives of SharesPost Financial Corporation do not (1) advise any member on the merits or prudence of a particular investment or transaction, or (2) assist in the determination of fair value of any security or investment, or (3) provide legal, tax, or transactional advisory services.
The analyst(s) certifies that the views expressed in this report accurately reflect the personal views of such analyst(s) about the subject matter therein, including all of the subject securities or issuers, and that no part of such analyst compensation was, is, or will be during their employ directly or indirectly related to their specific views contained in this report.
Analyst compensation is indirectly based upon the growth and success of SharesPost, Inc., including the overall performance of its subsidiaries, the individualized performance of any such analyst, and the development and progression of the overall research effort. SharesPost, Inc. earns revenue from, among other avenues, brokerage sales, and therefore the analyst may indirectly benefit from research reports that have the ultimate effect of increasing trading activity, either through SharesPost Financial Corporation and/or with SharesPost Investment Management, LLC.
This report does not contain a complete analysis of every material fact regarding any issuer, industry, transaction, or security. The opinions expressed in this report reflect the judgment of the analyst at a specific point in time and are subject to change. The information contained in this report has been obtained from sources the analysts consider to be reliable; however, there is no guarantee the any of the information is accurate.
Securities referenced in this report may be offered by SharesPost Financial Corporation, member FINRA/SIPC. SharesPost Financial Corporation and SP Investments Management are wholly owned subsidiaries of SharesPost, Inc. Certain affiliates of these entities may act as principals in such transactions.
Investing in private company securities is not suitable for all investors. An investment in private company securities is highly speculative, involving a high degree of risk, and investors should be prepared to withstand a total loss of your investment. Private company securities are also highly illiquid and there is no guarantee that a market will develop for such securities. Each investment also carries its own specific risks and investors should conduct their own, independent due diligence regarding the investment, including obtaining additional information about the company, opinions, financial projections and legal or investment advice.
Accordingly, investing in private company securities is appropriate only for those investors who can tolerate a high degree of risk and do not require a liquid investment.
SharesPost, the SharesPost logo, My SharesPost, the SharesPost Index, and SharesPost Investment Management are all registered trademarks of SharesPost, Inc. All other trademarks are the property of their respective owners.
Copyright SharesPost, Inc. 2019. All rights reserved.