Organizations need to prioritize their security spending decisions based on real expectations of the impact on revenue if cyber thieves steal important IP.
Waltham, MA (PRWEB) April 16, 2013
Cyber thieves and malicious insiders seeking to steal intellectual property (IP) and other trade secrets to further nation-state or competitive aims are targeting U.S. firms at an alarming rate, yet most organizations with valuable assets to protect are not budgeting to effectively protect those assets, according to a recent survey.
A February 2013 commissioned Technology Adoption Profile (TAP) study conducted by Forrester Consulting on behalf of Verdasys says most surveyed firms fail to calculate information security costs against the revenue potential for new products and services, and that they need to prioritize their security spending decisions based on real expectations of the impact on revenue if cyber thieves steal important IP. And, while firms believe they are responding to the risks posed by cyber threats, most need better financial tools and processes to value information, measure and track protection costs and build the business case for more effective information security.
"While these firms may believe they have good budgeting practices in place, it is very likely that they do not," said the study. “Even though awareness is at an all-time high, senior leaders still demand a sound business case when making investments of any kind. The questions they ask are, 'If we spend this money, is our intellectual property going to be any more secure?' The IT department simply budgeting for security based on historic data is no longer sufficient," the study said. "Organizations need to prioritize their security spending decisions based on real expectations of the impact on revenue if cyber thieves steal important IP."
To create the survey, Forrester leveraged its Forrsights Security Survey from Q2 2012, including 1,053 security decision makers at North American organizations of 500 or more employees, supplementing this data with custom survey questions asked in Dec. 2012 of 50 security decision makers in North American organizations with 500 or more employees.
High-profile breaches at technology, aerospace, oil, and manufacturing companies have increased risk awareness at the executive level, with approximately 463 decision makers stating that these public cyber attacks have resulted in increased attention on the security of intellectual property and corporate secrets at their firms. But while 76% of respondents said their firms rigorously evaluate information security budgets each year to ensure sufficient funding to address known and anticipated cyber threats, 52% said they only sometimes, rarely or never include the revenue potential for new products or services and a potential significant loss in revenue if a cyber attack is successful in calculating information security costs.
Companies can better estimate their information security costs by business area and product line using a ratio of security cost and product revenue as a planning tool to aid financial investment in information security. This value-based approach to protecting critical data can better assist firms in providing financially-driven answers to the questions, “Are we spending the right amount of money?” and “Are we secure enough?”
To learn more, join guest speaker Ed Ferrara, Principal Analyst Serving Security and Risk Professionals, Forrester Research, Inc., and Bill Munroe, Vice President of Marketing at Verdasys for a live webinar, on Wed., April 24 at 10:00 am ET. Register free: http://www2.verdasys.com/l/17352/2013-03-20/7mptf
Download the survey: http://www2.verdasys.com/l/17352/2013-04-15/8b4ch
Verdasys (http://verdasys.com) provides Enterprise Information Protection solutions and managed services to secure sensitive data and assure the integrity of business processes, enabling midsize and global businesses to successfully compete in collaborative and mobile environments. Digital Guardian, a Leader in Gartner’s Magic Quadrant for Content-Aware Data Loss Prevention, is a proven technology platform that provides complete, policy-based data lifecycle monitoring, classification, control and forensics on endpoints and servers, virtual machines and enterprise applications, networks, mobile devices and cloud environments. Digital Guardian protects IP and regulated data from compromise by insiders, contractors, partners and targeted cyber attacks. Since 2003, millions of Digital Guardian agents have been deployed to protect critical data for global leaders in manufacturing, pharmaceuticals, high technology, energy, financial services, and government.
Contact: Betsy Kosheff, 413-232-7057 bkosheff(at)verdasys(dot)com