Firms spend more on IT security, but can't measure tool effectiveness

More than half of IT security leaders (53 percent) don’t know how well cyber security tools are working, despite an average of $18.4 million in average annual spending on these technologies.

The new report from the Ponemon Institute is based on a survey of 577 information technology and security practitioners in the United States. The report was sponsored by security company AttackIQ.

Despite the widespread uncertainty about the effectiveness of tools, 58 percent of companies will be increasing their IT security budget by an average of 14 percent in the next year, according to the survey.

Nearly two thirds of the respondents (63 percent) said they have observed a security control reporting that it blocked an attack when it had actually failed to do so. Only 39 percent said they are getting full value from their security investments.

HDM-012919-Security.png

Despite deploying many different cyber security products, organizations in general are not confident that their technology investments, staff and processes can reduce the chances of a data breach. This lack of confidence stems largely from uncertainty about the efficacy of cyber security tools and the ability of staff to identify gaps in security and to respond to security incidents in a timely manner.

Fewer than half of IT experts are confident that data breaches can be stopped with their organization’s current investments in technology and staff, and 56 percent said a reason data breaches still occur is because of a lack of visibility into the operations of their security programs.

For reprint and licensing requests for this article, click here.